forked from MirrorHub/synapse
Add configs to make profile data more private (#9203)
Add off-by-default configuration settings to: - disable putting an invitee's profile info in invite events - disable profile lookup via federation Signed-off-by: Andrew Ferrazzutti <fair@miscworks.net>
This commit is contained in:
parent
84a7191410
commit
9bc74743d5
9 changed files with 66 additions and 7 deletions
1
changelog.d/9203.feature
Normal file
1
changelog.d/9203.feature
Normal file
|
@ -0,0 +1 @@
|
|||
Add some configuration settings to make users' profile data more private.
|
|
@ -101,6 +101,14 @@ pid_file: DATADIR/homeserver.pid
|
|||
#
|
||||
#limit_profile_requests_to_users_who_share_rooms: true
|
||||
|
||||
# Uncomment to prevent a user's profile data from being retrieved and
|
||||
# displayed in a room until they have joined it. By default, a user's
|
||||
# profile data is included in an invite event, regardless of the values
|
||||
# of the above two settings, and whether or not the users share a server.
|
||||
# Defaults to 'true'.
|
||||
#
|
||||
#include_profile_data_on_invite: false
|
||||
|
||||
# If set to 'true', removes the need for authentication to access the server's
|
||||
# public rooms directory through the client API, meaning that anyone can
|
||||
# query the room directory. Defaults to 'false'.
|
||||
|
@ -699,6 +707,12 @@ acme:
|
|||
# - matrix.org
|
||||
# - example.com
|
||||
|
||||
# Uncomment to disable profile lookup over federation. By default, the
|
||||
# Federation API allows other homeservers to obtain profile data of any user
|
||||
# on this homeserver. Defaults to 'true'.
|
||||
#
|
||||
#allow_profile_lookup_over_federation: false
|
||||
|
||||
|
||||
## Caching ##
|
||||
|
||||
|
|
|
@ -41,6 +41,10 @@ class FederationConfig(Config):
|
|||
)
|
||||
self.federation_metrics_domains = set(federation_metrics_domains)
|
||||
|
||||
self.allow_profile_lookup_over_federation = config.get(
|
||||
"allow_profile_lookup_over_federation", True
|
||||
)
|
||||
|
||||
def generate_config_section(self, config_dir_path, server_name, **kwargs):
|
||||
return """\
|
||||
## Federation ##
|
||||
|
@ -66,6 +70,12 @@ class FederationConfig(Config):
|
|||
#federation_metrics_domains:
|
||||
# - matrix.org
|
||||
# - example.com
|
||||
|
||||
# Uncomment to disable profile lookup over federation. By default, the
|
||||
# Federation API allows other homeservers to obtain profile data of any user
|
||||
# on this homeserver. Defaults to 'true'.
|
||||
#
|
||||
#allow_profile_lookup_over_federation: false
|
||||
"""
|
||||
|
||||
|
||||
|
|
|
@ -263,6 +263,12 @@ class ServerConfig(Config):
|
|||
False,
|
||||
)
|
||||
|
||||
# Whether to retrieve and display profile data for a user when they
|
||||
# are invited to a room
|
||||
self.include_profile_data_on_invite = config.get(
|
||||
"include_profile_data_on_invite", True
|
||||
)
|
||||
|
||||
if "restrict_public_rooms_to_local_users" in config and (
|
||||
"allow_public_rooms_without_auth" in config
|
||||
or "allow_public_rooms_over_federation" in config
|
||||
|
@ -848,6 +854,14 @@ class ServerConfig(Config):
|
|||
#
|
||||
#limit_profile_requests_to_users_who_share_rooms: true
|
||||
|
||||
# Uncomment to prevent a user's profile data from being retrieved and
|
||||
# displayed in a room until they have joined it. By default, a user's
|
||||
# profile data is included in an invite event, regardless of the values
|
||||
# of the above two settings, and whether or not the users share a server.
|
||||
# Defaults to 'true'.
|
||||
#
|
||||
#include_profile_data_on_invite: false
|
||||
|
||||
# If set to 'true', removes the need for authentication to access the server's
|
||||
# public rooms directory through the client API, meaning that anyone can
|
||||
# query the room directory. Defaults to 'false'.
|
||||
|
|
|
@ -484,10 +484,9 @@ class FederationQueryServlet(BaseFederationServlet):
|
|||
|
||||
# This is when we receive a server-server Query
|
||||
async def on_GET(self, origin, content, query, query_type):
|
||||
return await self.handler.on_query_request(
|
||||
query_type,
|
||||
{k.decode("utf8"): v[0].decode("utf-8") for k, v in query.items()},
|
||||
)
|
||||
args = {k.decode("utf8"): v[0].decode("utf-8") for k, v in query.items()}
|
||||
args["origin"] = origin
|
||||
return await self.handler.on_query_request(query_type, args)
|
||||
|
||||
|
||||
class FederationMakeJoinServlet(BaseFederationServlet):
|
||||
|
|
|
@ -387,6 +387,12 @@ class EventCreationHandler:
|
|||
|
||||
self.room_invite_state_types = self.hs.config.room_invite_state_types
|
||||
|
||||
self.membership_types_to_include_profile_data_in = (
|
||||
{Membership.JOIN, Membership.INVITE}
|
||||
if self.hs.config.include_profile_data_on_invite
|
||||
else {Membership.JOIN}
|
||||
)
|
||||
|
||||
self.send_event = ReplicationSendEventRestServlet.make_client(hs)
|
||||
|
||||
# This is only used to get at ratelimit function, and maybe_kick_guest_users
|
||||
|
@ -500,7 +506,7 @@ class EventCreationHandler:
|
|||
membership = builder.content.get("membership", None)
|
||||
target = UserID.from_string(builder.state_key)
|
||||
|
||||
if membership in {Membership.JOIN, Membership.INVITE}:
|
||||
if membership in self.membership_types_to_include_profile_data_in:
|
||||
# If event doesn't include a display name, add one.
|
||||
profile = self.profile_handler
|
||||
content = builder.content
|
||||
|
|
|
@ -310,6 +310,16 @@ class ProfileHandler(BaseHandler):
|
|||
await self._update_join_states(requester, target_user)
|
||||
|
||||
async def on_profile_query(self, args: JsonDict) -> JsonDict:
|
||||
"""Handles federation profile query requests.
|
||||
"""
|
||||
|
||||
if not self.hs.config.allow_profile_lookup_over_federation:
|
||||
raise SynapseError(
|
||||
403,
|
||||
"Profile lookup over federation is disabled on this homeserver",
|
||||
Codes.FORBIDDEN,
|
||||
)
|
||||
|
||||
user = UserID.from_string(args["user_id"])
|
||||
if not self.hs.is_mine(user):
|
||||
raise SynapseError(400, "User is not hosted on this homeserver")
|
||||
|
|
|
@ -213,8 +213,9 @@ class ReplicationGetQueryRestServlet(ReplicationEndpoint):
|
|||
content = parse_json_object_from_request(request)
|
||||
|
||||
args = content["args"]
|
||||
args["origin"] = content["origin"]
|
||||
|
||||
logger.info("Got %r query", query_type)
|
||||
logger.info("Got %r query from %s", query_type, args["origin"])
|
||||
|
||||
result = await self.registry.on_query(query_type, args)
|
||||
|
||||
|
|
|
@ -161,7 +161,11 @@ class ProfileTestCase(unittest.HomeserverTestCase):
|
|||
|
||||
response = self.get_success(
|
||||
self.query_handlers["profile"](
|
||||
{"user_id": "@caroline:test", "field": "displayname"}
|
||||
{
|
||||
"user_id": "@caroline:test",
|
||||
"field": "displayname",
|
||||
"origin": "servername.tld",
|
||||
}
|
||||
)
|
||||
)
|
||||
|
||||
|
|
Loading…
Reference in a new issue