Spec the terms of service handling for identity servers
Part of MSC2140 Convert status codes to strings if there is a string status code. Fixes a build error when we mix 4xx and 403 in the same definition. We also have to correct stringified numbers to pass the build.pull/977/head
parent
b7e84cf4ce
commit
afd5018494
@ -0,0 +1,149 @@
|
||||
# Copyright 2019 The Matrix.org Foundation C.I.C.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
swagger: '2.0'
|
||||
info:
|
||||
title: "Matrix Identity Service Terms of Service API"
|
||||
version: "2.0.0"
|
||||
host: localhost:8090
|
||||
schemes:
|
||||
- https
|
||||
basePath: /_matrix/identity/v2
|
||||
consumes:
|
||||
- application/json
|
||||
produces:
|
||||
- application/json
|
||||
securityDefinitions:
|
||||
$ref: definitions/security.yaml
|
||||
paths:
|
||||
"/terms":
|
||||
get:
|
||||
summary: Gets the terms of service offered by the server.
|
||||
description: |-
|
||||
Gets all the terms of service offered by the server. The client is expected
|
||||
to filter through the terms to determine which terms need acceptance from the
|
||||
user. Note that this endpoint does not require authentication.
|
||||
operationId: getTerms
|
||||
parameters: []
|
||||
responses:
|
||||
200:
|
||||
description: |-
|
||||
The terms of service offered by the server.
|
||||
examples:
|
||||
application/json: {
|
||||
"policies": {
|
||||
"terms_of_service": {
|
||||
"version": "2.0",
|
||||
"en": {
|
||||
"name": "Terms of Service",
|
||||
"url": "https://example.org/somewhere/terms-2.0-en.html"
|
||||
},
|
||||
"fr": {
|
||||
"name": "Conditions d'utilisation",
|
||||
"url": "https://example.org/somewhere/terms-2.0-fr.html"
|
||||
}
|
||||
},
|
||||
"privacy_policy": {
|
||||
"version": "1.2",
|
||||
"en": {
|
||||
"name": "Privacy Policy",
|
||||
"url": "https://example.org/somewhere/privacy-1.2-en.html"
|
||||
},
|
||||
"fr": {
|
||||
"name": "Politique de confidentialité",
|
||||
"url": "https://example.org/somewhere/privacy-1.2-fr.html"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
schema:
|
||||
type: object
|
||||
properties:
|
||||
policies:
|
||||
type: object
|
||||
title: Policy Map
|
||||
description: |-
|
||||
The policies the server offers. Mapped from arbitrary ID (unused in
|
||||
this version of the specification) to a Policy Object.
|
||||
additionalProperties:
|
||||
type: object
|
||||
title: Policy Object
|
||||
description: |-
|
||||
The policy. Includes a map of language (ISO 639-2) to language-specific
|
||||
policy information.
|
||||
properties:
|
||||
version:
|
||||
type: string
|
||||
description: |-
|
||||
The version for the policy. There are no requirements on what this
|
||||
might be and could be "alpha", semantically versioned, or arbitrary.
|
||||
required: ['version']
|
||||
# TODO: TravisR - Make this render
|
||||
additionalProperties:
|
||||
type: object
|
||||
title: Internationalised Policy
|
||||
description: |-
|
||||
The policy information for the specified language.
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
description: The translated name of the policy.
|
||||
url:
|
||||
type: string
|
||||
description: |-
|
||||
The URL, which should include the policy ID, version, and language
|
||||
in it, to be presented to the user as the policy. URLs should have
|
||||
all three criteria to avoid conflicts when the policy is updated
|
||||
in the future: for example, if this was "https://example.org/terms.html"
|
||||
then the server would be unable to update it because the client would
|
||||
have already added that URL to the ``m.accepted_terms`` collection.
|
||||
required: ['name', 'url']
|
||||
required: ['policies']
|
||||
post:
|
||||
summary: Indicates acceptance of terms to the server.
|
||||
description: |-
|
||||
Called by a client to indicate that the user has accepted/agreed to the included
|
||||
set of URLs. Servers MUST NOT assume that the client will be sending all previously
|
||||
accepted URLs and should therefore append the provided URLs to what the server
|
||||
already knows has been accepted.
|
||||
|
||||
Clients MUST provide the URL of the policy in the language that was presented
|
||||
to the user. Servers SHOULD consider acceptance of any one language's URL as
|
||||
acceptance for all other languages of that policy.
|
||||
|
||||
The server should avoid returning ``M_TERMS_NOT_SIGNED`` because the client
|
||||
may not be accepting all terms at once.
|
||||
operationId: agreeToTerms
|
||||
security:
|
||||
- accessToken: []
|
||||
parameters:
|
||||
- in: body
|
||||
name: body
|
||||
schema:
|
||||
type: object
|
||||
properties:
|
||||
user_accepts:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
description: The URLs the user is accepting in this request.
|
||||
example: "https://example.org/somewhere/terms-2.0-en.html"
|
||||
required: ['user_accepts']
|
||||
responses:
|
||||
200:
|
||||
description: |-
|
||||
The server has considered the user as having accepted the provided URLs.
|
||||
examples:
|
||||
application/json: {}
|
||||
schema:
|
||||
type: object
|
@ -0,0 +1 @@
|
||||
Add endpoints for accepting and handling terms of service.
|
@ -0,0 +1,10 @@
|
||||
{
|
||||
"$ref": "core/event.json",
|
||||
"type": "m.accepted_terms",
|
||||
"content": {
|
||||
"accepted": [
|
||||
"https://example.org/somewhere/terms-1.2-en.html",
|
||||
"https://example.org/somewhere/privacy-1.2-en.html"
|
||||
]
|
||||
}
|
||||
}
|
@ -0,0 +1,23 @@
|
||||
---
|
||||
allOf:
|
||||
- $ref: core-event-schema/event.yaml
|
||||
description: |-
|
||||
A list of terms URLs the user has previously accepted. Clients SHOULD use this
|
||||
to avoid presenting the user with terms they have already agreed to.
|
||||
properties:
|
||||
content:
|
||||
type: object
|
||||
properties:
|
||||
accepted:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
description: |-
|
||||
The list of URLs the user has previously accepted. Should be appended to
|
||||
when the user agrees to new terms.
|
||||
type:
|
||||
enum:
|
||||
- m.accepted_terms
|
||||
type: string
|
||||
title: Accepted Terms of Service URLs
|
||||
type: object
|
Loading…
Reference in New Issue