Federation requests must be for local users. (#1672)

This is already mentioned for /user/devices, but is not mentioned for /query/profile, /user/keys/claim, or /user/keys/query.

See GHSA-mp92-3jfm-3575 for an issue found with this in Synapse.
pull/1676/head
Patrick Cloke 1 year ago committed by GitHub
parent 7b72c42ba6
commit 161a4a2cfb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -0,0 +1 @@
Clarify that federation requests for non-local users are invalid.

@ -121,7 +121,7 @@ paths:
parameters:
- in: query
name: user_id
description: The user ID to query.
description: The user ID to query. Must be a user local to the receiving homeserver.
required: true
example: "@someone:example.org"
schema:

@ -34,7 +34,8 @@ paths:
type: object
description: |-
The keys to be claimed. A map from user ID, to a map from
device ID to algorithm name.
device ID to algorithm name. Requested users must be local
to the receiving homeserver.
additionalProperties:
type: object
additionalProperties:
@ -121,7 +122,8 @@ paths:
description: |-
The keys to be downloaded. A map from user ID, to a list of
device IDs, or to an empty list to indicate all devices for the
corresponding user.
corresponding user. Requested users must be local to the
receiving homeserver.
additionalProperties:
type: array
items:

Loading…
Cancel
Save