search

element-hq / synapse

Synapse: Matrix homeserver written in Python/Twisted.
https://element-hq.github.io/synapse
GNU Affero General Public License v3.0
982 stars 111 forks source link

Restrict the rooms a guest can join #10170

Open matrixbot opened 6 months ago

matrixbot commented 6 months ago

This issue has been migrated from #10170.

The GNOME community would like to be a good citizen in the Matrix universe, and not be an entrypoint for spam to other instances/room. To do so, we will restrict registration, but we would love to open guest accounts instead. The main blocker is we can't prevent guest accounts from spamming other instances.

Since rooms don't belong to a single server but are distributed in the Matrix universe, it's not possible to develop a feature like "guest accounts should not be able to leave the server". An flexible way to achieve what we want would be to allow guest accounts to join rooms only if there already is a :gnome.org alias bound to this room at the moment when they are trying to join. A less flexible (but maybe simpler?) way to do it would be to implement a room allow-list in homeserver.yaml. Per my understanding, this is something the homeserver of the guest account needs to enforce and doesn't require a specific MSC for that.

spaetz commented 5 months ago

I am a bit unsure about which rooms guests can actually join. The documentation (https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=guest#allow_guest_access) claims that GUESTS can only join rooms hosted on THIS server which seems to indicate that I cannot simply spam OTHER servers rooms as a guest.

OTOH, rooms are not owned or hosted by a single server, so I do not understand what this implies? Can guests join all rooms where a regular user of this homeserver is participating? Can guests already only join rooms that have a local alias name? Can they join any room in the matrixverse that has guest access enabled?

The documentation is a bit unclear there and deserves some clarification at least :).

Update: https://ems-docs.element.io/books/element-cloud-documentation/page/frequently-asked-questions gave a few more answers (this should go into the synapse documentation AFAIK). It seems that my hunch of "Can guests join all rooms where a regular user of this homeserver is participating?" is the right one, which might be a surprising behavior for synapse admins.

Guest users only work if a native user on the default homeserver configured in your client is a member of the room. For example, to join a room on your EMS server as a guest using the client at https://app.element.io/, an account on the matrix.org homeserver must be a member of the room.

Rooms need to be configured to allow guest access: Security & Privacy -> Encryption -> Encrypted: Off 1 Security & Privacy -> Access: Public Security & Privacy -> Access -> Show advanced -> Enable guest access: On Security & Privacy -> Who can read history: Anyone