add option to require an access_token to GET /profile on CS API

2024-12-19 01:21:09 +03:00 · 2019-04-21 00:58:53 +01:00 · 2019-04-21 00:58:53 +01:00 · b31d56efac
commit b31d56efac
parent 0fcf7e5c57
2 changed files with 14 additions and 0 deletions
--- a/synapse/config/server.py
+++ b/synapse/config/server.py
@ -71,6 +71,10 @@ class ServerConfig(Config):
        # master, potentially causing inconsistency.
        self.enable_media_repo = config.get("enable_media_repo", True)

+        # whether to require users to authenticate in order to query /profile
+        # endpoints via CS API. this is a workaround in advance of MSC1301 landing
+        self.auth_profile_reqs = config.get("auth_profile_reqs", True)
+
        # whether to enable search. If disabled, new entries will not be inserted
        # into the search tables and they will not be indexed. Users will receive
        # errors when attempting to search for messages.
@ -318,6 +322,10 @@ class ServerConfig(Config):
        #
        #use_presence: false

+        # whether to require users to authenticate in order to query /profile
+        # endpoints via CS API. this is a workaround in advance of MSC1301 landing
+        #auth_profile_reqs: false
+
        # The GC threshold parameters to pass to `gc.set_threshold`, if defined
        #
        #gc_thresholds: [700, 10, 10]
--- a/synapse/rest/client/v1/profile.py
+++ b/synapse/rest/client/v1/profile.py
@ -36,6 +36,8 @@ class ProfileDisplaynameRestServlet(ClientV1RestServlet):

    @defer.inlineCallbacks
    def on_GET(self, request, user_id):
+        if self.hs.config.auth_profile_reqs:
+            yield self.auth.get_user_by_req(request)
        user = UserID.from_string(user_id)

        displayname = yield self.profile_handler.get_displayname(
@ -99,6 +101,8 @@ class ProfileAvatarURLRestServlet(ClientV1RestServlet):

    @defer.inlineCallbacks
    def on_GET(self, request, user_id):
+        if self.hs.config.auth_profile_reqs:
+            yield self.auth.get_user_by_req(request)
        user = UserID.from_string(user_id)

        avatar_url = yield self.profile_handler.get_avatar_url(
@ -160,6 +164,8 @@ class ProfileRestServlet(ClientV1RestServlet):

    @defer.inlineCallbacks
    def on_GET(self, request, user_id):
+        if self.hs.config.auth_profile_reqs:
+            yield self.auth.get_user_by_req(request)
        user = UserID.from_string(user_id)

        displayname = yield self.profile_handler.get_displayname(