MSC4170: 403 error responses for profile APIs (#1867)

Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
2024-10-07 11:45:17 +02:00 · 2024-10-07 11:45:17 +02:00 · 871c10577e
commit 871c10577e
parent 27b4cdcc9e
5 changed files with 67 additions and 2 deletions
--- a/data/api/client-server/profile.yaml
+++ b/data/api/client-server/profile.yaml
@ -98,6 +98,20 @@ paths:
                  value: {
                    "displayname": "Alice Margatroid"
                  }
+        "403":
+          x-addedInMatrixVersion: "1.12"
+          description: The server is unwilling to disclose whether the user exists and/or
+            has a display name.
+          content:
+            application/json:
+              schema:
+                $ref: definitions/errors/error.yaml
+              examples:
+                response:
+                  value: {
+                    "errcode": "M_FORBIDDEN",
+                    "error": "Profile lookup is disabled on this homeserver"
+                  }
        "404":
          description: There is no display name for this user or this user does not exist.
      tags:
@ -185,6 +199,20 @@ paths:
                  value: {
                    "avatar_url": "mxc://matrix.org/SDGdghriugerRg"
                  }
+        "403":
+          x-addedInMatrixVersion: "1.12"
+          description: The server is unwilling to disclose whether the user exists and/or
+            has an avatar URL.
+          content:
+            application/json:
+              schema:
+                $ref: definitions/errors/error.yaml
+              examples:
+                response:
+                  value: {
+                    "errcode": "M_FORBIDDEN",
+                    "error": "Profile lookup is disabled on this homeserver"
+                  }
        "404":
          description: There is no avatar URL for this user or this user does not exist.
      tags:
@ -239,7 +267,7 @@ paths:
                response:
                  value: {
                    "errcode": "M_FORBIDDEN",
-                    "error": "Profile lookup over federation is disabled on this homeserver"
+                    "error": "Profile lookup is disabled on this homeserver"
                  }
        "404":
          description: There is no profile information for this user or this user does not
--- a/data/api/server-server/query.yaml
+++ b/data/api/server-server/query.yaml
@ -117,6 +117,9 @@ paths:

        Servers may wish to cache the response to this query to avoid requesting the
        information too often.
+
+        Servers MAY deny profile look-up over federation by responding with 403 and an
+        error code of `M_FORBIDDEN`.
      operationId: queryProfile
      security:
        - signedRequest: []
@ -172,6 +175,20 @@ paths:
                    "displayname": "John Doe",
                    "avatar_url": "mxc://matrix.org/MyC00lAvatar"
                  }
+        "403":
+          x-addedInMatrixVersion: "1.12"
+          description: The server is unwilling to disclose whether the user exists and/or
+            has profile information.
+          content:
+            application/json:
+              schema:
+                $ref: ../client-server/definitions/errors/error.yaml
+              examples:
+                response:
+                  value: {
+                    "errcode": "M_FORBIDDEN",
+                    "error": "Profile lookup over federation is disabled on this homeserver"
+                  }
        "404":
          description: The user does not exist or does not have a profile.
          content: