This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

allow_profile_lookup_over_federation=false prevents inviting users to rooms over federation #11397

Closed
johannes-krude opened this issue Nov 19, 2021 · 9 comments

Comments

@johannes-krude

A user who is on a server with allow_profile_lookup_over_federation=false cannot be invited over federation to a room.

On my homeserver I set allow_profile_lookup_over_federation=false. I then used https://app.element.io/ to log in to matrix.org and created a room and tried to invite a user from my homeserver. Element responded with "You do not have permission to invite people to this room". When inviting a matrix.org user, the invite succeeded.

After changing the setting to allow_profile_lookup_over_federation: true on my homeserver, the invite succeeded.

The misleading error message may be related to: element-hq/element-web#19598

@DMRobertson
Contributor

At first glance, that sounds like it might be a client bug rather than a server-side bug. Maybe it has some logic for retrieving the profile information first, only later does it request the invite.

@johannes-krude
Author

I found an element-web issue for this: element-hq/element-web#17269
Since there seems to be a client side workaround, this can possibly be fixed in the client?

@DMRobertson
Contributor

I reproduced the issue with the help of @reivilibre. I couldn't invite him with this setting turned on in Element Web. However I was able to invite him using Fractal. This means that the fault lies with Element Web, and not in Synapse.

Thank you for finding the issue in the element-web repo. I'll add some more details there and then close this issue.

@DMRobertson
Contributor

On second thoughts, the spec only describes two return codes: 404 and 200. I wonder if we should change the 403 response to 404.

@reivilibre
Contributor

> On second thoughts, the spec only describes two return codes: 404 and 200. I wonder if we should change the 403 response to 404.

I'm not sure I agree. The spec is probably a better venue to have this discussion, but clients benefit from knowing the difference between 'that user isn't found' and 'I can't tell you if that user exists'.
Notably, Element Web will warn you and ask if you're sure you want to invite a user that doesn't exist. People will probably disable this option for privacy reasons, and showing the warning that they don't exist seems like it will make privacy-conscious users' lives worse. Equally, getting EW to remove the warning will mean that users may genuinely suffer if they make an honest typo.

So my personal opinion is that the spec needs an extra error code defining for this case. Not guaranteeing that 403 is the answer, but not saying it isn't.
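
The 404 versus 403 distinction described in the comment above, as an added example that is not part of the original thread and is not Element Web's or Synapse's code: a hypothetical client-side check that keeps "user not found" apart from "server will not say" and never turns a failed profile lookup into a permission error. The function names, the `Existence` values and the sample user IDs are assumptions made for illustration.

```javascript
// Added example: hypothetical pre-invite check for a Matrix client.
// `status` and `body` are the HTTP status and parsed JSON of the profile
// lookup made for the invitee before the invite request is sent.
const Existence = Object.freeze({
  CONFIRMED: "confirmed", // 200: a profile came back
  NOT_FOUND: "not_found", // 404: the server says there is no such profile
  WITHHELD: "withheld",   // 403: the server will not say either way
  UNKNOWN: "unknown",     // anything else: 5xx, timeout (status 0), ...
});

function classifyProfileLookup(status) {
  switch (status) {
    case 200: return Existence.CONFIRMED;
    case 404: return Existence.NOT_FOUND;
    case 403: return Existence.WITHHELD;
    default:  return Existence.UNKNOWN;
  }
}

// Decide what the UI does next. The lookup result never blocks the invite
// and is never reported as a permission error: whether the inviter may
// invite is decided by the invite request itself.
function planInvite(userId, status, body) {
  const existence = classifyProfileLookup(status);
  // Only trust profile fields from a successful lookup.
  const profile = existence === Existence.CONFIRMED && body ? body : {};
  return {
    userId,
    existence,
    displayName:
      typeof profile.displayname === "string" ? profile.displayname : userId,
    // Ask "are you sure?" only when the server positively reported that
    // the user was not found, so honest typos are still caught.
    confirmFirst: existence === Existence.NOT_FOUND,
  };
}

// Constructed sample responses, not captured traffic.
const samples = [
  ["@alice:example.org", 200, { displayname: "Alice" }],
  ["@alcie:example.org", 404, { errcode: "M_NOT_FOUND" }],
  ["@bob:private.example", 403, { errcode: "M_FORBIDDEN" }],
  ["@carol:down.example", 502, null],
];
for (const [id, status, body] of samples) {
  console.log(status, JSON.stringify(planInvite(id, status, body)));
}
```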

@callahad
Contributor

Consensus here is that we'd like to discuss this with the Spec Core Team. Options are:

  • Expand the Spec to include 403's, indicating that the target server will not tell us whether a user exists and/or has profile data.
  • Align to the Spec by returning a 404 instead of a 403 when allow_profile_lookup_over_federation=false, even if it loses precision in the error codes.

@callahad
Contributor

(Expanding the Spec seems slightly preferable, as it retains precision and aligns with de facto behavior in the wild)

@H-Shay
Contributor

H-Shay commented Jan 13, 2022

Closing, as I believe this was resolved by matrix-org/matrix-spec-proposals#3550.

@H-Shay H-Shay closed this as completed Jan 13, 2022