MSC4170: 403 error responses for profile APIs (#1867)

Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
2024-10-07 11:45:17 +02:00 · 2024-10-07 11:45:17 +02:00 · 871c10577e
commit 871c10577e
parent 27b4cdcc9e
5 changed files with 67 additions and 2 deletions
--- a/changelogs/client_server/newsfragments/1867.feature
+++ b/changelogs/client_server/newsfragments/1867.feature
@ -0,0 +1 @@
+Add 403 responses on `/profile/{userId}/avatar_url` and `/profile/{userId}/displayname` as per [MSC4170](https://github.com/matrix-org/matrix-spec-proposals/pull/4170).
--- a/changelogs/server_server/newsfragments/1867.feature
+++ b/changelogs/server_server/newsfragments/1867.feature
@ -0,0 +1 @@
+Add 403 response on `/query/profile` as per [MSC4170](https://github.com/matrix-org/matrix-spec-proposals/pull/4170).
--- a/content/client-server-api/_index.md
+++ b/content/client-server-api/_index.md
@ -2753,7 +2753,25 @@ re-invited.

 {{% http-api spec="client-server" api="profile" %}}

-#### Events on Change of Profile Information
+#### Server behaviour
+
+Homeservers MUST at a minimum allow profile look-up for:
+
+-   users that share a room with the requesting user
+-   users that reside in public rooms known to the homeserver
+
+In all other cases, homeservers MAY deny profile look-up by responding with
+403 and an error code of `M_FORBIDDEN`.
+
+When a remote user is queried and the query is not denied per the above,
+homeservers SHOULD query the remote server for the user's profile information.
+The remote server MAY itself deny profile queries over federation, however.
+
+When the requested user does not exist, homeservers MAY choose whether to
+respond with 403 or 404. If the server denies profile look-up in all but the
+required cases, 403 is RECOMMENDED.
+
+##### Events on Change of Profile Information

 Because the profile display name and avatar information are likely to be
 used in many places of a client's display, changes to these fields cause
--- a/data/api/client-server/profile.yaml
+++ b/data/api/client-server/profile.yaml
@ -98,6 +98,20 @@ paths:
                  value: {
                    "displayname": "Alice Margatroid"
                  }
+        "403":
+          x-addedInMatrixVersion: "1.12"
+          description: The server is unwilling to disclose whether the user exists and/or
+            has a display name.
+          content:
+            application/json:
+              schema:
+                $ref: definitions/errors/error.yaml
+              examples:
+                response:
+                  value: {
+                    "errcode": "M_FORBIDDEN",
+                    "error": "Profile lookup is disabled on this homeserver"
+                  }
        "404":
          description: There is no display name for this user or this user does not exist.
      tags:
@ -185,6 +199,20 @@ paths:
                  value: {
                    "avatar_url": "mxc://matrix.org/SDGdghriugerRg"
                  }
+        "403":
+          x-addedInMatrixVersion: "1.12"
+          description: The server is unwilling to disclose whether the user exists and/or
+            has an avatar URL.
+          content:
+            application/json:
+              schema:
+                $ref: definitions/errors/error.yaml
+              examples:
+                response:
+                  value: {
+                    "errcode": "M_FORBIDDEN",
+                    "error": "Profile lookup is disabled on this homeserver"
+                  }
        "404":
          description: There is no avatar URL for this user or this user does not exist.
      tags:
@ -239,7 +267,7 @@ paths:
                response:
                  value: {
                    "errcode": "M_FORBIDDEN",
-                    "error": "Profile lookup over federation is disabled on this homeserver"
+                    "error": "Profile lookup is disabled on this homeserver"
                  }
        "404":
          description: There is no profile information for this user or this user does not
--- a/data/api/server-server/query.yaml
+++ b/data/api/server-server/query.yaml
@ -117,6 +117,9 @@ paths:

        Servers may wish to cache the response to this query to avoid requesting the
        information too often.
+
+        Servers MAY deny profile look-up over federation by responding with 403 and an
+        error code of `M_FORBIDDEN`.
      operationId: queryProfile
      security:
        - signedRequest: []
@ -172,6 +175,20 @@ paths:
                    "displayname": "John Doe",
                    "avatar_url": "mxc://matrix.org/MyC00lAvatar"
                  }
+        "403":
+          x-addedInMatrixVersion: "1.12"
+          description: The server is unwilling to disclose whether the user exists and/or
+            has profile information.
+          content:
+            application/json:
+              schema:
+                $ref: ../client-server/definitions/errors/error.yaml
+              examples:
+                response:
+                  value: {
+                    "errcode": "M_FORBIDDEN",
+                    "error": "Profile lookup over federation is disabled on this homeserver"
+                  }
        "404":
          description: The user does not exist or does not have a profile.
          content:
				`@ -0,0 +1 @@`
				Add 403 responses on `/profile/{userId}/avatar_url` and `/profile/{userId}/displayname` as per [MSC4170](https://github.com/matrix-org/matrix-spec-proposals/pull/4170).
				`@ -0,0 +1 @@`
				Add 403 response on `/query/profile` as per [MSC4170](https://github.com/matrix-org/matrix-spec-proposals/pull/4170).