* Part 1: Invites
* Part 2: Knocks
* Use correct schema and examples; Remind readers often about formats
* changelogs
* Add schema warning
* Name the objects
* Move changed-in and expand upon it
* Rename the example
* address review feedback
* Placeholder
* i++
* Room version 12
Template out a v12 room version
Make v12 default, per MSC4304
Update PDU checks and auth event selection per MSC4291
Describe new room_id format per MSC4291
Move v6 depth definition to a component for easier referencing
Move room_id to a component to prep for v12, per MSC4291
Create and use a new room_id component for v12+ per MSC4291
Reflect auth events selection change onto all room versions per MSC4291
The MSC asks the `description` of `auth_events` to be adjusted, however this feels like a better representation of the change.
Add `room_id` format rules and renumber per MSC4291
Reflect change to rule 1.2 per MSC4291
Insert same room_id check to v1-12 auth rules per MSC4307 and MSC4291
Deprecate `predecessor.event_id` per MSC4291
Insert auth rule to validate `additional_creators` per MSC4289
Insert rule for `users` validation of creators and renumber per MSC4289
Define "room creator(s)" per MSC4289
Spec `additional_creators` on create events per MSC4289
Spec `additional_creators` on `/upgrade` per MSC4289
The MSC doesn't mention how to handle unsupported room versions, but the Synapse implementation used for FCP ignores the field in such room versions. This feels like a good approach, and will need clarifying in the MSC too (if accepted at the spec level).
Add notes to `/upgrade` behaviour per MSC4289 and MSC4291
Describe how additional creators work during room creation per MSC4289
Fix default user power level descriptions per MSC4289
Describe tombstone power level changes per MSC4289
Warn clients about event format changes in v12 per MSC4289 and MSC4291
Flag additional room creators support for client reference per MSC4289
Remove TODO now that it's fully addressed
Copy state res into v12 as-is for modification
Apply Modification 1 to SR2.1 per MSC4297
Apply Modification 2 to SR2.1 per MSC4297
Add summary box to the top of SR2.1 for ease of developer reference
Modification 2 was split into items 2 and 3 for further ease of understanding.
Add all the changelogs
`x` is used until a real PR number can be assigned.
Some changelogs are duplicated to the Client-Server API to increase visibility of the changes to v12.
Review: Minor phrasing adjustments in changelogs
Review: Clarify that v12 isn't quite the default yet in the changelog
Review: Clarify to clients that creators are immutable
Review: Improve 'how to parse a domain' advice for legacy apps
Review: Add a bit more detail as to why a room ID might be required
Apply suggestions from code review
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Clarify that clients can override the tombstone default
Mention creatorship UI label by finishing the Permissions section
We probably should have removed the WIP note in v1.0, but alas.
Add changelog for tombstone changes
Use assigned spec PR number in changelogs
(cherry picked from commit ec81eea7e4532fd398b8013071d6981c97117d9e)
Signed-off-by: Tom Foster <tom@tcpip.uk>
Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
Co-authored-by: Johannes Marbach <n0-0ne+github@mailbox.org>
Co-authored-by: Richard van der Hoff <richard@matrix.org>
- do not use the term 'cross-signing keys' anymore: Previously, the term
'cross-signing keys' was used to refer to the master, user-signing and
self-signing keys. This is not ideal since the master key is used for
cross-signing but may also be used to sign the backup key, for example.
In these contexts, the master key is not used for cross-signing.
The term 'cross-signing keys' has therefor been replaced by 'keys used
for cross-signing' or, more explicitely, by 'master, user-signing and
self-signing key'.
- the naming of the master key has been harmonised (no more 'master
cross-signing key' or 'master signing keys'). Also the abbr. 'MSK' has been
replaced by 'MK'.
- in the QR code example, the term 'cross-signing key' has been replaced
by 'master key' since in mode 0x00, the current user's own master key and
what the device thinks the other user's master key is used.
- it has been made more explicit that private keys used for cross-signing can
be stored on the server are stored as described in the secrets module (as
opposed to store them in unencrypted form)
Signed-off-by: codedust <codedust@so.urceco.de>
* Clarify that SSO login applies to the legacy authentication API
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
* Do not point to specific authentication API for obtaining access token
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
* Add warnings about incompatibility with OAuth 2.0 to endpoints that use UIA
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
* Add changelog
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
* Add note about API standards not applying to OAuth 2.0
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
* Apply suggestions from code review
---------
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
Co-authored-by: Travis Ralston <travpc@gmail.com>
I tried to summarize MSC3861, and add sections to be able to find quickly how to do something with either API.
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
Since account locking and suspension are authentication API agnostic,
this is a pre-requisite to adding the new OAuth 2.0-based API.
This also splits the endpoints that where all included in the
registration OpenAPI data, to separate them cleanly in the spec, and
avoid having deactivation show before registration.
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
Co-authored-by: Kim Brose <2803622+HarHarLinks@users.noreply.github.com>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* MSC4260: Reporting users (Client-Server API)
Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
* Add changelog
* Update data/api/client-server/report_content.yaml
Co-authored-by: Kévin Commaille <76261501+zecakeh@users.noreply.github.com>
* Move option to consistently respond with 200 to user reporting endpoint
* Move optional random delay to event and user reporting endpoints
* Make reason required for user and room reports
* Fix requiredness syntax
---------
Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
Co-authored-by: Kévin Commaille <76261501+zecakeh@users.noreply.github.com>
* Specify account suspension
* changelog
* Apply suggestions from code review
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Add some links
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
codedust