From 140fbc8e0801ab7e0b101a7c06688dc871b063b4 Mon Sep 17 00:00:00 2001 From: Johannes Marbach Date: Wed, 12 Jun 2024 15:54:59 +0200 Subject: [PATCH 1/2] Add missing 403 responses on profile endpoints Signed-off-by: Johannes Marbach --- data/api/client-server/profile.yaml | 28 ++++++++++++++++++++++++++++ data/api/server-server/query.yaml | 14 ++++++++++++++ 2 files changed, 42 insertions(+) diff --git a/data/api/client-server/profile.yaml b/data/api/client-server/profile.yaml index e00bdd968..751548ba3 100644 --- a/data/api/client-server/profile.yaml +++ b/data/api/client-server/profile.yaml @@ -98,6 +98,20 @@ paths: value: { "displayname": "Alice Margatroid" } + "403": + x-addedInMatrixVersion: "1.2" + description: The server is unwilling to disclose whether the user exists and/or + has a display name. + content: + application/json: + schema: + $ref: definitions/errors/error.yaml + examples: + response: + value: { + "errcode": "M_FORBIDDEN", + "error": "Profile lookup over federation is disabled on this homeserver" + } "404": description: There is no display name for this user or this user does not exist. tags: @@ -185,6 +199,20 @@ paths: value: { "avatar_url": "mxc://matrix.org/SDGdghriugerRg" } + "403": + x-addedInMatrixVersion: "1.2" + description: The server is unwilling to disclose whether the user exists and/or + has an avatar URL. + content: + application/json: + schema: + $ref: definitions/errors/error.yaml + examples: + response: + value: { + "errcode": "M_FORBIDDEN", + "error": "Profile lookup over federation is disabled on this homeserver" + } "404": description: There is no avatar URL for this user or this user does not exist. tags: diff --git a/data/api/server-server/query.yaml b/data/api/server-server/query.yaml index efb3a6c9d..a50a3c529 100644 --- a/data/api/server-server/query.yaml +++ b/data/api/server-server/query.yaml @@ -170,6 +170,20 @@ paths: "displayname": "John Doe", "avatar_url": "mxc://matrix.org/MyC00lAvatar" } + "403": + x-addedInMatrixVersion: "1.2" + description: The server is unwilling to disclose whether the user exists and/or + has a display name. + content: + application/json: + schema: + $ref: ../client-server/definitions/errors/error.yaml + examples: + response: + value: { + "errcode": "M_FORBIDDEN", + "error": "Profile lookup over federation is disabled on this homeserver" + } "404": description: The user does not exist or does not have a profile. content: From a4ffd32f3351fc8347d6a3a3900f5c4e4c61ccef Mon Sep 17 00:00:00 2001 From: Johannes Marbach Date: Wed, 12 Jun 2024 16:05:57 +0200 Subject: [PATCH 2/2] Add changelogs --- changelogs/client_server/newsfragments/1867.clarification | 1 + changelogs/server_server/newsfragments/1867.clarification | 1 + 2 files changed, 2 insertions(+) create mode 100644 changelogs/client_server/newsfragments/1867.clarification create mode 100644 changelogs/server_server/newsfragments/1867.clarification diff --git a/changelogs/client_server/newsfragments/1867.clarification b/changelogs/client_server/newsfragments/1867.clarification new file mode 100644 index 000000000..61fca6592 --- /dev/null +++ b/changelogs/client_server/newsfragments/1867.clarification @@ -0,0 +1 @@ +Add missing 403 response on `/profile/{userId}/avatar_url` and `/profile/{userId}/displayname`. diff --git a/changelogs/server_server/newsfragments/1867.clarification b/changelogs/server_server/newsfragments/1867.clarification new file mode 100644 index 000000000..b1f7da623 --- /dev/null +++ b/changelogs/server_server/newsfragments/1867.clarification @@ -0,0 +1 @@ +Add missing 403 response on `/query/profile`.