Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

We need a config option to limit the public room directory to registered users only (SYN-584) #1467

Closed
matrixbot opened this issue Jan 7, 2016 · 6 comments
Closed

We need a config option to limit the public room directory to registered users only (SYN-584) #1467

matrixbot opened this issue Jan 7, 2016 · 6 comments
Assignees
@babolivier

Comments

@matrixbot
Copy link
Member

Submitted by @​matthew:matrix.org
Use case is to stop sensitive publicroom data leaking from an otherwise federated HS. This is relevant to our own 'private' HS!

(Imported from https://matrix.org/jira/browse/SYN-584)
@matrixbot
Copy link
Member Author

Jira watchers: @ara4n

@matrixbot
Copy link
Member Author

A workaround patch I did for Charlie on HQ:

(env)sierra:synapse matthew$ git diff
diff --git a/synapse/rest/client/v1/room.py b/synapse/rest/client/v1/room.py
index 926f77d..ed80908 100644
--- a/synapse/rest/client/v1/room.py
+++ b/synapse/rest/client/v1/room.py
@​@​ -284,6 +284,7 @​@​ class PublicRoomListRestServlet(ClientV1RestServlet):

     @​defer.inlineCallbacks
     def on_GET(self, request):
+        user, _, _ = yield self.auth.get_user_by_req(request)
         handler = self.handlers.room_list_handler
         data = yield handler.get_public_room_list()
         defer.returnValue((200, data))

-- @ara4n

@matrixbot matrixbot changed the title We need a config option to limit /publicRooms to registered users only (SYN-584) We need a config option to limit /publicRooms to registered users only (https://github.com/matrix-org/synapse/issues/1467) Nov 7, 2016
@matrixbot matrixbot changed the title We need a config option to limit /publicRooms to registered users only (https://github.com/matrix-org/synapse/issues/1467) We need a config option to limit /publicRooms to registered users only (SYN-584) Nov 7, 2016
@ara4n ara4n mentioned this issue Apr 23, 2018
Closed
@ara4n
Copy link
Member

ara4n commented Apr 23, 2018

spec bug: https://github.com/matrix-org/matrix-doc/issues/612

@ara4n ara4n mentioned this issue Apr 23, 2018
Closed
@richvdh richvdh mentioned this issue Nov 15, 2018
Closed
@richvdh
Copy link
Member

richvdh commented Feb 13, 2019

Note that doing this needs a spec change, as per matrix-org/matrix-doc#612

@ara4n ara4n changed the title We need a config option to limit /publicRooms to registered users only (SYN-584) We need a config option to limit the public room directory to registered users only (SYN-584) Apr 21, 2019
@ara4n
Copy link
Member

ara4n commented Apr 21, 2019

the specific case of restricting the CS API to registered users is now handled in #5083 (which in turn is a port of matrix-org/matrix-spec#584).

I do not think this has to be blocked on a spec change to enhance CS API's /publicRooms to distinguish "show rooms for the general public" v. "show rooms for registered users" (and migration to use that system, and aligning it with upcoming per-community room directories, etc) - we have a clear need right now for people who simply don't want the /publicRooms endpoint to be available to unregistered users.

Meanwhile, we do need to figure out the semantics for how to restrict access over SS API. I personally would do this as another config option, of the form allow_public_rooms_over_federation or similar, to give admins an easy way to stop their roomdir being queried via fed.

@babolivier babolivier self-assigned this Apr 23, 2019
@babolivier babolivier mentioned this issue Apr 23, 2019
Closed
@ara4n
Copy link
Member

ara4n commented May 8, 2019

closed by #5083. thanks @babolivier!

@ara4n ara4n closed this as completed May 8, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@babolivier babolivier

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@neilisfragile @ara4n @richvdh @babolivier @matrixbot