Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Specify account suspension #2014

Merged
merged 4 commits into from
Dec 12, 2024
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelogs/client_server/newsfragments/2014.feature
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Add new `M_USER_SUSPENDED` error code behaviour, as per [MSC3823](https://github.com/matrix-org/matrix-spec-proposals/pull/3823).
74 changes: 72 additions & 2 deletions content/client-server-api/_index.md
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ JSON object. Clients should supply a `Content-Type` header of

The exceptions are:

- [`POST /_matrix/media/v3/upload`](#post_matrixmediav3upload) and
- [`POST /_matrix/media/v3/upload`](#post_matrixmediav3upload) and
[`PUT /_matrix/media/v3/upload/{serverName}/{mediaId}`](#put_matrixmediav3uploadservernamemediaid),
both of which take the uploaded media as the request body.
- [`POST /_matrix/client/v3/logout`](#post_matrixclientv3logout) and
Expand Down Expand Up @@ -103,6 +103,10 @@ No access token was specified for the request.
`M_USER_LOCKED`
The account has been [locked](#account-locking) and cannot be used at this time.

`M_USER_SUSPENDED`
The account has been [suspended](#account-suspension) and can only be used for
limited actions at this time.

`M_BAD_JSON`
Request contained valid JSON, but it was malformed in some way, e.g.
missing required keys, invalid values for keys.
Expand Down Expand Up @@ -1471,7 +1475,7 @@ Content-Type: application/json
```

Servers SHOULD NOT invalidate access tokens on locked accounts unless the
client requests a logout (using the above endpoints). This ensures that
client requests a logout (using the above endpoints). This ensures that
users can retain their sessions without having to log back in if the account
becomes unlocked.

Expand All @@ -1485,6 +1489,72 @@ and other APIs to detect when the lock has been lifted.
To enable users to appeal to a lock clients MAY use
[server contact discovery](#getwell-knownmatrixsupport).

#### Account suspension

{{% added-in v="1.13" %}}

Similar to [locking](#account-locking), a user's account MAY be suspended to
prevent further activity from that account. A similar effect is achieved, though
turt2live marked this conversation as resolved.
Show resolved Hide resolved
without risk of the client losing state from a logout. Suspensions are reversible,
like locks and unlike deactivations.

The actions a user can perform while suspended is deliberately left as an
implementation detail. Servers SHOULD permit the user to perform at least the
following, however:

* Log in and create additional sessions (which are also suspended).
* See and receive messages, particularly through [`/sync`](#get_matrixclientv3sync)
and [`/messages`](#get_matrixclientv3roomsroomidmessages).
* [Verify other devices](#device-verification) and write associated
[cross-signing data](#cross-signing).
* [Populate their key backup](#server-side-key-backups).
* Leave rooms and reject invites.
* Redacting their own events.
turt2live marked this conversation as resolved.
Show resolved Hide resolved
* Log out or delete any device of theirs, including the current session.
* Deactivate their account, potentially with a time delay to discourage making
a new account right away.
turt2live marked this conversation as resolved.
Show resolved Hide resolved
* Change or add [admin contacts](#adding-account-administrative-contact-information),
but not remove. Servers are recommended to only permit this if they keep a
changelog on contact information to prevent misuse.

General purpose endpoints like [`/send/{eventType}`](#put_matrixclientv3roomsroomidsendeventtypetxnid)
MAY return the error described below depending on the path parameters. For example,
a user may be allowed to send `m.room.redaction` events but not `m.room.message`
events through `/send`.

Where a room is used to maintain communication between server administration
teams and the suspended user, servers are recommended to allow the user to send
events to that room specifically. Server administrators which do not want the
user to continue receiving messages may be interested in [account locking](#account-locking)
instead.

Otherwise, the recommended set of explicitly forbidden actions is:

* Joining or knocking on rooms.
* Accepting or sending invites.
* Sending messages to rooms.
* Changing profile data (display name and avatar, primarily).
* Redacting other users' events, when permission is possible in a room.

When a client attempts to perform an action while suspended, the server MUST
respond with a `403 Forbidden` error response with `M_USER_SUSPENDED` as the
error code, as shown below:

```
HTTP/1.1 403 Forbidden
Content-Type: application/json
```

```json
{
"errcode": "M_USER_SUSPENDED",
"error": "You cannot perform this action while suspended."
}
```

APIs for initiating suspension or unsuspension are not included in this version
of the specification, and left as an implementation detail.

### Adding Account Administrative Contact Information

A homeserver may keep some contact information for administrative use.
Expand Down