Spec the terms of service handling for identity servers
Part of MSC2140 Convert status codes to strings if there is a string status code. Fixes a build error when we mix 4xx and 403 in the same definition. We also have to correct stringified numbers to pass the build.pull/977/head
Travis Ralston
5 years ago
parent
b7e84cf4ce
commit
afd5018494
@ -0,0 +1,149 @@
|
|||||||
|
# Copyright 2019 The Matrix.org Foundation C.I.C.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
swagger: '2.0'
|
||||||
|
info:
|
||||||
|
title: "Matrix Identity Service Terms of Service API"
|
||||||
|
version: "2.0.0"
|
||||||
|
host: localhost:8090
|
||||||
|
schemes:
|
||||||
|
- https
|
||||||
|
basePath: /_matrix/identity/v2
|
||||||
|
consumes:
|
||||||
|
- application/json
|
||||||
|
produces:
|
||||||
|
- application/json
|
||||||
|
securityDefinitions:
|
||||||
|
$ref: definitions/security.yaml
|
||||||
|
paths:
|
||||||
|
"/terms":
|
||||||
|
get:
|
||||||
|
summary: Gets the terms of service offered by the server.
|
||||||
|
description: |-
|
||||||
|
Gets all the terms of service offered by the server. The client is expected
|
||||||
|
to filter through the terms to determine which terms need acceptance from the
|
||||||
|
user. Note that this endpoint does not require authentication.
|
||||||
|
operationId: getTerms
|
||||||
|
parameters: []
|
||||||
|
responses:
|
||||||
|
200:
|
||||||
|
description: |-
|
||||||
|
The terms of service offered by the server.
|
||||||
|
examples:
|
||||||
|
application/json: {
|
||||||
|
"policies": {
|
||||||
|
"terms_of_service": {
|
||||||
|
"version": "2.0",
|
||||||
|
"en": {
|
||||||
|
"name": "Terms of Service",
|
||||||
|
"url": "https://example.org/somewhere/terms-2.0-en.html"
|
||||||
|
},
|
||||||
|
"fr": {
|
||||||
|
"name": "Conditions d'utilisation",
|
||||||
|
"url": "https://example.org/somewhere/terms-2.0-fr.html"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"privacy_policy": {
|
||||||
|
"version": "1.2",
|
||||||
|
"en": {
|
||||||
|
"name": "Privacy Policy",
|
||||||
|
"url": "https://example.org/somewhere/privacy-1.2-en.html"
|
||||||
|
},
|
||||||
|
"fr": {
|
||||||
|
"name": "Politique de confidentialité",
|
||||||
|
"url": "https://example.org/somewhere/privacy-1.2-fr.html"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
schema:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
policies:
|
||||||
|
type: object
|
||||||
|
title: Policy Map
|
||||||
|
description: |-
|
||||||
|
The policies the server offers. Mapped from arbitrary ID (unused in
|
||||||
|
this version of the specification) to a Policy Object.
|
||||||
|
additionalProperties:
|
||||||
|
type: object
|
||||||
|
title: Policy Object
|
||||||
|
description: |-
|
||||||
|
The policy. Includes a map of language (ISO 639-2) to language-specific
|
||||||
|
policy information.
|
||||||
|
properties:
|
||||||
|
version:
|
||||||
|
type: string
|
||||||
|
description: |-
|
||||||
|
The version for the policy. There are no requirements on what this
|
||||||
|
might be and could be "alpha", semantically versioned, or arbitrary.
|
||||||
|
required: ['version']
|
||||||
|
# TODO: TravisR - Make this render
|
||||||
|
additionalProperties:
|
||||||
|
type: object
|
||||||
|
title: Internationalised Policy
|
||||||
|
description: |-
|
||||||
|
The policy information for the specified language.
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
type: string
|
||||||
|
description: The translated name of the policy.
|
||||||
|
url:
|
||||||
|
type: string
|
||||||
|
description: |-
|
||||||
|
The URL, which should include the policy ID, version, and language
|
||||||
|
in it, to be presented to the user as the policy. URLs should have
|
||||||
|
all three criteria to avoid conflicts when the policy is updated
|
||||||
|
in the future: for example, if this was "https://example.org/terms.html"
|
||||||
|
then the server would be unable to update it because the client would
|
||||||
|
have already added that URL to the ``m.accepted_terms`` collection.
|
||||||
|
required: ['name', 'url']
|
||||||
|
required: ['policies']
|
||||||
|
post:
|
||||||
|
summary: Indicates acceptance of terms to the server.
|
||||||
|
description: |-
|
||||||
|
Called by a client to indicate that the user has accepted/agreed to the included
|
||||||
|
set of URLs. Servers MUST NOT assume that the client will be sending all previously
|
||||||
|
accepted URLs and should therefore append the provided URLs to what the server
|
||||||
|
already knows has been accepted.
|
||||||
|
|
||||||
|
Clients MUST provide the URL of the policy in the language that was presented
|
||||||
|
to the user. Servers SHOULD consider acceptance of any one language's URL as
|
||||||
|
acceptance for all other languages of that policy.
|
||||||
|
|
||||||
|
The server should avoid returning ``M_TERMS_NOT_SIGNED`` because the client
|
||||||
|
may not be accepting all terms at once.
|
||||||
|
operationId: agreeToTerms
|
||||||
|
security:
|
||||||
|
- accessToken: []
|
||||||
|
parameters:
|
||||||
|
- in: body
|
||||||
|
name: body
|
||||||
|
schema:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
user_accepts:
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
description: The URLs the user is accepting in this request.
|
||||||
|
example: "https://example.org/somewhere/terms-2.0-en.html"
|
||||||
|
required: ['user_accepts']
|
||||||
|
responses:
|
||||||
|
200:
|
||||||
|
description: |-
|
||||||
|
The server has considered the user as having accepted the provided URLs.
|
||||||
|
examples:
|
||||||
|
application/json: {}
|
||||||
|
schema:
|
||||||
|
type: object
|
||||||
@ -0,0 +1 @@
|
|||||||
|
Add endpoints for accepting and handling terms of service.
|
||||||
@ -0,0 +1,10 @@
|
|||||||
|
{
|
||||||
|
"$ref": "core/event.json",
|
||||||
|
"type": "m.accepted_terms",
|
||||||
|
"content": {
|
||||||
|
"accepted": [
|
||||||
|
"https://example.org/somewhere/terms-1.2-en.html",
|
||||||
|
"https://example.org/somewhere/privacy-1.2-en.html"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -0,0 +1,23 @@
|
|||||||
|
---
|
||||||
|
allOf:
|
||||||
|
- $ref: core-event-schema/event.yaml
|
||||||
|
description: |-
|
||||||
|
A list of terms URLs the user has previously accepted. Clients SHOULD use this
|
||||||
|
to avoid presenting the user with terms they have already agreed to.
|
||||||
|
properties:
|
||||||
|
content:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
accepted:
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
description: |-
|
||||||
|
The list of URLs the user has previously accepted. Should be appended to
|
||||||
|
when the user agrees to new terms.
|
||||||
|
type:
|
||||||
|
enum:
|
||||||
|
- m.accepted_terms
|
||||||
|
type: string
|
||||||
|
title: Accepted Terms of Service URLs
|
||||||
|
type: object
|
||||||
Loading…
Reference in New Issue