Inviting a user from a server with allow_profile_lookup_over_federation false gives a confusing error message

[thegcat]

We tried inviting a user from a server with allow_profile_lookup_over_federation: false and include_profile_data_on_invite: false (not sure which of those settings is actually relevant here) to an invite-only room. This causes Element to say (I can't remember the exact error message, sorry) that the profile might be invalid and won't let us inviting that user. The error on the inviting user's home server is:

May 11 22:00:12 matrix matrix-synapse-synchrotron9100[3783]: synapse.http.matrixfederationclient - 612 - WARNING - GET-67720 - {GET-O-51} [other.home.server] Request failed: GET matrix://other.home.server/_matrix/federation/v1/query/profile?user_id=%40some.user%3Aother.home.server&field=displayname: HttpResponseException('403: Forbidden‘)

Disabling the "warn before sending invites to invalid Matrix IDs" setting in the Element settings allows inviting the user and the invited user can join the room.

This is a least somewhat inconsistent in the wording as the Matrix ID is not invalid and it is not clear that it is possible to switch off that setting.

It also seems prior Element versions did not hinder inviting users from home servers with the above settings, some other user tried to reproduce this issue on Element 1.7.24 and did not see the above error message.

Element version of the inviting user: 1.7.27 macOS Desktop client
Synapse version of the inviting user: 1.33.2
Synapse version of the invited user: 1.31.0

[HarHarLinks]

I can repro the Error in Element nightly: Failed to invite the following users to chat: @mxid:server.tld

Element version of the inviting user: aur/element-desktop-nightly-bin 2021051201-1

---

This issue promises to be very relevant with institutional servers implementing the mentioned settings for user privacy. I suggest adding info to the error message about that, and the option to invite anyway.

[behrmann]

I am the user who tried to reproduce the issue on element-desktop 1.7.24 (on Arch Linux) and can confirm, that there it was possible to invite users from said home server via their mxid. One just gets a warning, that the mxid might not exists, but can invite the mxid nevertheless (either via a button that ignores the warning once or for the future as well).

This was even the case if one already had a direct chat with the user open.

Once this regression is fixed, maybe a note, that this could be due to privacy settings on the remote server, could be added.

[lxp]

This still seems to be a problem with Element Desktop version 1.9.3.

[DMRobertson]

Inviting someone using the "Invite to this room" button yields:

Failed to invite users to the room:

You do not have permission to invite people to this room.

I only have the option to press OK.

My client made a request to https://matrix-client.matrix.org/_matrix/client/r0/profile/<MXID> which returned 403. I'm guessing that Element Web doesn't have logic to handle a 403 or otherwise doesn't expect it? The surprising thing is that we don't seem to have tried to make an /invite/ request at all.

In fairness to Element-Web, the spec says the only response codes are 200 and 404. Spec deficiency? https://spec.matrix.org/v1.1/client-server-api/#get_matrixclientv3profileuserid

[callahad]

The Synapse team would like to expand the Matrix spec to codify HTTP 403 in this instance. That proposal is at matrix-org/matrix-spec-proposals#3530.

[johannes-krude]

The message displayed by element-web when inviting over the GUI seems to have changed, but the result is still the same.

In the Preferences there is the option Prompt before sending invites to potentially invalid matrix IDs. Disabling this option only changes the behavior of \invite, but not when inviting through the GUI. This option also does not really solve the problem, since I can not control this option for the element-web of the user who wants to invite me over federation.

[weeman1337]

I took a closer look at this one.

If setting allow_profile_lookup_over_federation: false the response is now

403:
{
  "errcode":"M_FORBIDDEN",
  "error":"Profile lookup over federation is disabled on this homeserver"
}

Then this dialogue appears:

If I uncheck Prompt before sending invites to potentially invalid matrix IDs in the preferences it is working.

---

With allow_profile_lookup_over_federation: true and a non-existing user leads to

---

After looking around in the code it looks like a bug that the „may not exist“ dialogue doesn't show up.