From 26e076515927e445807746d3317c1af750093ce3 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Tue, 4 Jan 2022 20:29:40 -0700 Subject: [PATCH] Add guest changes to spec: MSC3069 and MSC3419 (#3605) * Add MSC3069 support https://github.com/matrix-org/matrix-doc/pull/3069 * Add MSC3419 support https://github.com/matrix-org/matrix-doc/pull/3419 * Normalize and fix guest access endpoints list * Changelogs --- .../newsfragments/3605.feature.1 | 1 + .../newsfragments/3605.feature.2 | 1 + .../client-server-api/modules/guest_access.md | 48 +++++++++++-------- data/api/client-server/whoami.yaml | 7 +++ layouts/shortcodes/changed-in.html | 8 ++++ 5 files changed, 45 insertions(+), 20 deletions(-) create mode 100644 changelogs/client_server/newsfragments/3605.feature.1 create mode 100644 changelogs/client_server/newsfragments/3605.feature.2 create mode 100644 layouts/shortcodes/changed-in.html diff --git a/changelogs/client_server/newsfragments/3605.feature.1 b/changelogs/client_server/newsfragments/3605.feature.1 new file mode 100644 index 00000000000..37ad505da83 --- /dev/null +++ b/changelogs/client_server/newsfragments/3605.feature.1 @@ -0,0 +1 @@ +Add `is_guest` to `/account/whoami` as per [MSC3069](https://github.com/matrix-org/matrix-doc/pull/3069). \ No newline at end of file diff --git a/changelogs/client_server/newsfragments/3605.feature.2 b/changelogs/client_server/newsfragments/3605.feature.2 new file mode 100644 index 00000000000..41651c8ad4e --- /dev/null +++ b/changelogs/client_server/newsfragments/3605.feature.2 @@ -0,0 +1 @@ +Expand guest access to sending any room event and state event as per [MSC3419](https://github.com/matrix-org/matrix-doc/pull/3419). \ No newline at end of file diff --git a/content/client-server-api/modules/guest_access.md b/content/client-server-api/modules/guest_access.md index dbdc2bfb156..2cfe1789ef5 100644 --- a/content/client-server-api/modules/guest_access.md +++ b/content/client-server-api/modules/guest_access.md @@ -38,38 +38,43 @@ rather than allowing all homeservers to enforce the rules on each other. The following API endpoints are allowed to be accessed by guest accounts for retrieving events: -- [GET /rooms/:room\_id/state](#get_matrixclientv3roomsroomidstate) -- [GET /rooms/:room\_id/context/:event\_id](#get_matrixclientv3roomsroomidcontexteventid) -- [GET /rooms/:room\_id/event/:event\_id](#get_matrixclientv3roomsroomideventeventid) -- [GET /rooms/:room\_id/state/:event\_type/:state\_key](#get_matrixclientv3roomsroomidstateeventtypestatekey) -- [GET /rooms/:room\_id/messages](#get_matrixclientv3roomsroomidmessages) -- {{% added-in v="1.1" %}} [GET /rooms/:room\_id/members](#get_matrixclientv3roomsroomidmembers) -- [GET /rooms/:room\_id/initialSync](#get_matrixclientv3roomsroomidinitialsync) -- [GET /sync](#get_matrixclientv3sync) -- [GET /events](#get_matrixclientv3events) as used for room previews. +* [GET /rooms/{roomId}/state](#get_matrixclientv3roomsroomidstate) +* [GET /rooms/{roomId}/context/{eventId}](#get_matrixclientv3roomsroomidcontexteventid) +* [GET /rooms/{roomId}/event/{eventId}](#get_matrixclientv3roomsroomideventeventid) +* [GET /rooms/{roomId}/state/{eventType}/{stateKey}](#get_matrixclientv3roomsroomidstateeventtypestatekey) +* [GET /rooms/{roomId}/messages](#get_matrixclientv3roomsroomidmessages) +* {{< added-in v="1.1" >}} [GET /rooms/{roomId}/members](#get_matrixclientv3roomsroomidmembers) +* [GET /rooms/{roomId}/initialSync](#get_matrixclientv3roomsroomidinitialsync) +* [GET /sync](#get_matrixclientv3sync) +* [GET /events](#get_matrixclientv3events) as used for room previews. The following API endpoints are allowed to be accessed by guest accounts for sending events: -- [POST /rooms/:room\_id/join](#post_matrixclientv3roomsroomidjoin) -- [POST /rooms/:room\_id/leave](#post_matrixclientv3roomsroomidleave) -- [PUT /rooms/:room\_id/send/m.room.message/:txn\_id](#put_matrixclientv3roomsroomidsendeventtypetxnid) -- [PUT /sendToDevice/{eventType}/{txnId}](#put_matrixclientv3sendtodeviceeventtypetxnid) +* [POST /rooms/{roomId}/join](#post_matrixclientv3roomsroomidjoin) +* [POST /rooms/{roomId}/leave](#post_matrixclientv3roomsroomidleave) +* [PUT /rooms/{roomId}/send/{eventType}/{txnId}](#put_matrixclientv3roomsroomidsendeventtypetxnid) + + * {{< changed-in v="1.2" >}} Guests can now send *any* event type rather than just `m.room.message` events. + +* {{< added-in v="1.2" >}} [PUT /rooms/{roomId}/state/{eventType}/{stateKey}](#put_matrixclientv3roomsroomidstateeventtypestatekey) +* [PUT /sendToDevice/{eventType}/{txnId}](#put_matrixclientv3sendtodeviceeventtypetxnid) The following API endpoints are allowed to be accessed by guest accounts for their own account maintenance: -- [PUT /profile/:user\_id/displayname](#put_matrixclientv3profileuseriddisplayname) -- [GET /devices](#get_matrixclientv3devices) -- [GET /devices/{deviceId}](#get_matrixclientv3devicesdeviceid) -- [PUT /devices/{deviceId}](#put_matrixclientv3devicesdeviceid) +* [PUT /profile/{userId}/displayname](#put_matrixclientv3profileuseriddisplayname) +* [GET /devices](#get_matrixclientv3devices) +* [GET /devices/{deviceId}](#get_matrixclientv3devicesdeviceid) +* [PUT /devices/{deviceId}](#put_matrixclientv3devicesdeviceid) +* {{< added-in v="1.2" >}} [GET /account/whoami](#get_matrixclientv3accountwhoami) The following API endpoints are allowed to be accessed by guest accounts for end-to-end encryption: -- [POST /keys/upload](#post_matrixclientv3keysupload) -- [POST /keys/query](#post_matrixclientv3keysquery) -- [POST /keys/claim](#post_matrixclientv3keysclaim) +* [POST /keys/upload](#post_matrixclientv3keysupload) +* [POST /keys/query](#post_matrixclientv3keysquery) +* [POST /keys/claim](#post_matrixclientv3keysclaim) #### Server behaviour @@ -88,3 +93,6 @@ properly enforce the permissions outlined in this section. Homeservers may want to enable protections such as captchas for guest registration to prevent spam, denial of service, and similar attacks. + +Homeservers may want to put stricter rate limits on guest accounts, +particularly for sending state events. diff --git a/data/api/client-server/whoami.yaml b/data/api/client-server/whoami.yaml index d53ed158127..727f7e642f8 100644 --- a/data/api/client-server/whoami.yaml +++ b/data/api/client-server/whoami.yaml @@ -65,6 +65,13 @@ paths: is associated with the access token (such as in the case of application services) then this field can be omitted. Otherwise this is required. + is_guest: + x-addedInMatrixVersion: "1.2" + type: boolean + description: |- + When `true`, the user is a [Guest User](#guest-access). When + not present or `false`, the user is presumed to be a non-guest + user. 401: description: The token is not recognised diff --git a/layouts/shortcodes/changed-in.html b/layouts/shortcodes/changed-in.html new file mode 100644 index 00000000000..0eb35faa54c --- /dev/null +++ b/layouts/shortcodes/changed-in.html @@ -0,0 +1,8 @@ +{{ $ver := .Params.v }} +{{ $this := .Params.this }} + +{{ if $this }} + **[Changed in this version]** +{{ else }} + **[Changed in `v{{ $ver }}`]** +{{ end }} {{/* Do not leave an empty line at the end of this file otherwise the inline behaviour breaks. */}} \ No newline at end of file