Skip to content
This repository was archived by the owner on Apr 26, 2024. It is now read-only.
This repository was archived by the owner on Apr 26, 2024. It is now read-only.

Drop support for calling /_matrix/client/v3/rooms/{roomId}/invite without an id_access_token #13206

Closed
#13241
Closed
Drop support for calling /_matrix/client/v3/rooms/{roomId}/invite without an id_access_token#13206
#13241
Labels
A-Spec-Complianceplaces where synapse does not conform to the specT-DefectBugs, crashes, hangs, security vulnerabilities, or other reported issues.
@richvdh

Description

@richvdh
richvdh
opened on Jul 6, 2022

The 3pid-invite version of POST /_matrix/client/v3/rooms/{roomId}/invite (spec) has id_access_token as a required parameter.

We currently accept requests without an id_access_token, and then call /_matrix/identity/api/v1/lookup, which was removed from the spec over a year ago (matrix-org/matrix-spec-proposals#2713).

Instead, we should simply reject any requests that do not pass an id_access_token.

Metadata

Metadata

Assignees

No one assigned

    Labels

    A-Spec-Complianceplaces where synapse does not conform to the specT-DefectBugs, crashes, hangs, security vulnerabilities, or other reported issues.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions