-
-
Notifications
You must be signed in to change notification settings - Fork 94
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add missing 403 responses on profile endpoints #1867
base: main
Are you sure you want to change the base?
Conversation
Signed-off-by: Johannes Marbach <[email protected]>
@@ -98,6 +98,20 @@ paths: | |||
value: { | |||
"displayname": "Alice Margatroid" | |||
} | |||
"403": | |||
x-addedInMatrixVersion: "1.2" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know if this is correct but technically we're clarifying the 403 response introduced in Matrix v1.2.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, but will await opinions from other SCT members on https://github.com/matrix-org/matrix-spec/pull/1867/files#r1636536644
"403": | ||
x-addedInMatrixVersion: "1.2" | ||
description: The server is unwilling to disclose whether the user exists and/or | ||
has a display name. | ||
content: | ||
application/json: | ||
schema: | ||
$ref: ../client-server/definitions/errors/error.yaml | ||
examples: | ||
response: | ||
value: { | ||
"errcode": "M_FORBIDDEN", | ||
"error": "Profile lookup over federation is disabled on this homeserver" | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
actually: given MSC3550 didn't mention the federation API at all, making this change without an MSC seems like a bit of a stretch.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(and while we're at it maybe we should discuss the additional client endpoints too, since they weren't technically covered by the MSC or the original spec PR)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
given MSC3550 didn't mention the federation API at all
It mentions that the reason the MSC is being written is for requests over federation, but then doesn't mention the federation endpoints at all.
I'm a bit torn on it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am (not eager but definitely) willing to put up a short MSC for this. I would like to ensure that it's time well spent though. So I'll hold off of doing anything until you've found an agreement on whether an MSC is needed or not.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We discussed it briefly at the time of richvdh's comment, and I think the thread here captures that discussion well. It feels like it needs an MSC because it's relatively unclear what the original MSC's intended scope was.
As a formality, my vote is +1.0 to needing an MSC because the intention and history are different stories.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, makes sense. I'll try and put something together next week.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This PR is now blocked on matrix-org/matrix-spec-proposals#4170.
Requires: matrix-org/matrix-spec-proposals#4170
The 403 response for the CS profile endpoint was originally introduced by matrix-org/matrix-spec-proposals#3550. Given that the other profile-related endpoints in the CS API and the corresponding endpoint in the SS API operate on the same data, I can only assume that adding the responses there as well was an oversight.
Pull Request Checklist
Preview: https://pr1867--matrix-spec-previews.netlify.app