Allow users to knock over and over, removing CS complexity
This commit is contained in:
Andrew Morgan
parent
61fea58ce0
commit
630f7c458c
1 changed files with 13 additions and 13 deletions
|
|
@ -46,18 +46,10 @@ that user can be transitioned to the following possible states:
|
|||
- `invite`: In this case, the knock was accepted by someone inside the room
|
||||
and they are inviting the knocker into the room.
|
||||
- `leave`: In this case, similar to how kicks are handled, the knock has
|
||||
been rejected.
|
||||
been rejected. Alternatively, the knocking user has rescinded their knock.
|
||||
- `ban`: In this case, the knock was rejected and the user has been prevented
|
||||
from sending further knocks.
|
||||
|
||||
Users are not allowed to change their membership once set to `knock`, in
|
||||
order to prevent users from being able to knock multiple times and spam a
|
||||
room.
|
||||
|
||||
XXX: So if you knock on a room that's then abandoned that's in your `/sync`
|
||||
forever? Clients should have a way to tell their server to hide and show
|
||||
knocks.
|
||||
|
||||
## Client-Server API
|
||||
Two new endpoints are introduced in the Client-Server API (similarly to
|
||||
join): `POST /_matrix/client/r0/rooms/{roomId}/knock` and `POST
|
||||
|
|
@ -84,7 +76,7 @@ Content-Type: application/json
|
|||
|
||||
#### Responses:
|
||||
##### Status code 200:
|
||||
The user knocked successfully. Empty reply:
|
||||
The user knocked successfully. Example reply:
|
||||
```json
|
||||
{}
|
||||
```
|
||||
|
|
@ -235,7 +227,6 @@ If they deny, then a leave membership event is sent in the room, and the
|
|||
knocking user will be notified through existing flows (matching the behaviour
|
||||
of when an invite is recinded).
|
||||
|
||||
|
||||
## Server-Server API
|
||||
Similarly to join and leave over federation, a ping-pong game with two new
|
||||
endpoints is introduced: `make_knock` and `send_knock`. Both endpoints must
|
||||
|
|
@ -414,5 +405,14 @@ essentially allow outsiders to send messages into the room.
|
|||
|
||||
It is still theoretically possible for a server admin to create many users
|
||||
with different user IDs or display names, all spelling out an abusive
|
||||
message, and then having each of them knock in order. In this case, room
|
||||
admins should employ typical abuse mitigation tools, such as Server ACLs.
|
||||
message, and then having each of them knock in order.
|
||||
|
||||
Another abuse vector is allowed by the ability for users to rescind knocks.
|
||||
This is to help users in case they knocked on a room accidentally, or simply
|
||||
no longer want to join a room they've knocked on. While this is a useful
|
||||
feature, it also allows users to spam a room by knocking and rescinding their
|
||||
knocks over and over.
|
||||
|
||||
In both cases, room admins should employ typical abuse mitigation tools, such
|
||||
as user bans and server ACLs. Clients are encouraged to ease employing these
|
||||
tools easy even if the offensive user or server is present not in the room.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue