add options to require an access_token to GET /profile and /publicRooms on CS API (#5083) - matrix/thirdparty/synapse.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Matthew Hodgson <matthew@arasphere.net>	2019-05-08 18:26:56 +0100
committer	Brendan Abolivier <babolivier@matrix.org>	2019-05-08 18:26:56 +0100
commit	c0e0740bef0db661abce352afaf6c958e276f11d (patch)
tree	812ad8af52b57cd80d7435beaa97acd9c41d6e0f /tests/handlers
parent	Merge pull request #5037 from matrix-org/erikj/limit_inflight_dns (diff)
download	synapse-c0e0740bef0db661abce352afaf6c958e276f11d.tar.xz

add options to require an access_token to GET /profile and /publicRooms on CS API (#5083)

This commit adds two config options:

* `restrict_public_rooms_to_local_users`

Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API.

* `require_auth_for_profile_requests`

When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301.

MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down a MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though.

Groups have been intentionally omitted from this commit.

Diffstat (limited to 'tests/handlers')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: