diff options
author | Will Hunt <will@half-shot.uk> | 2019-12-16 16:11:55 +0000 |
---|---|---|
committer | Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> | 2019-12-16 16:11:55 +0000 |
commit | bfb95654c97a8d3aa164eff96ecc13755c1c326d (patch) | |
tree | ed4b8ff50105d77770898e9e485eb3060996d598 /synapse/handlers | |
parent | Exclude rejected state events when calculating state at backwards extrems (#6... (diff) | |
download | synapse-bfb95654c97a8d3aa164eff96ecc13755c1c326d.tar.xz |
Add option to allow profile queries without sharing a room (#6523)
Diffstat (limited to 'synapse/handlers')
-rw-r--r-- | synapse/handlers/profile.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/synapse/handlers/profile.py b/synapse/handlers/profile.py index 1e5a4613c9..f9579d69ee 100644 --- a/synapse/handlers/profile.py +++ b/synapse/handlers/profile.py @@ -295,12 +295,16 @@ class BaseProfileHandler(BaseHandler): be found to be in any room the server is in, and therefore the query is denied. """ + # Implementation of MSC1301: don't allow looking up profiles if the # requester isn't in the same room as the target. We expect requester to # be None when this function is called outside of a profile query, e.g. # when building a membership event. In this case, we must allow the # lookup. - if not self.hs.config.require_auth_for_profile_requests or not requester: + if ( + not self.hs.config.limit_profile_requests_to_users_who_share_rooms + or not requester + ): return # Always allow the user to query their own profile. |