Open Kladki opened 4 days ago
Taking this as a figure of speech, as for the most the room should act as if it was
invite
, since servers shouldn't ever authorize joins
It is not literal, it is meant to explain in normal words what happens if you fail to define any conditions.
The key difference between these two cases is that with the latter, a
join
can still be authorized viajoin_authorised_via_users_server
, despite the fact that servers shouldn't be doing this. With the former, such a join wouldn't be authorized.
I don't think this was really considered, but I think the logic still holds up -- the user in join_authorised_via_users_server
could have issued an invite so I don't think there's an "auth leak" of any sort. Shout if I'm wrong though!
It is not literal, it is meant to explain in normal words what happens if you fail to define any conditions.
As I thought. I will try adjust the wording, since there was some confusion caused by this.
Link to problem area:
https://spec.matrix.org/v1.10/client-server-api/#restricted-rooms
Issue:
Currently, the spec states that:
The problem here is that there seems to be multiple interpretations of this, those being:
invite
join rule when this is the caseinvite
, since servers shouldn't ever authorize joinsThe key difference between these two cases is that with the latter, a
join
can still be authorized viajoin_authorised_via_users_server
, despite the fact that servers shouldn't be doing this. With the former, such a join wouldn't be authorized.So which interpretation does the spec intend to abide by?