From 1cd0228d871278236e7e89589717664ab5fc059b Mon Sep 17 00:00:00 2001
From: Ginger
Date: Wed, 20 May 2026 11:54:09 -0400
Subject: [PATCH] fix: Restore functionality of `require_auth_for_profile_requests`
---
 src/api/router/auth.rs | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/src/api/router/auth.rs b/src/api/router/auth.rs
index a438c64f4..554b29551 100644
--- a/src/api/router/auth.rs
+++ b/src/api/router/auth.rs
@@ -9,6 +9,7 @@ use ruma::{
 AccessToken, AccessTokenOptional, AppserviceToken, AppserviceTokenOptional, AuthScheme, NoAccessToken, NoAuthentication,
 },
+ client,
 federation::authentication::ServerSignatures,
 },
 };
@@ -116,10 +117,9 @@ impl CheckAuth for AccessToken {
 .await
 .is_ok_and(std::convert::identity)
 {
- if !(route == TypeId::of::()
- || route
- == TypeId::of::(
- )) {
+ if !(route == TypeId::of::()
+ || route == TypeId::of::())
+ {
 return Err!(Request(Unauthorized("Your account is locked.")));
 }
 }
@@ -258,6 +258,19 @@ impl CheckAuth for NoAccessToken {
 err!(Request(Unauthorized(warn!("Failed to extract authorization: {}", err))))
 })?;
+ // Check special access restrictions
+ if (route == TypeId::of::()
+ || route == TypeId::of::()
+ || route == TypeId::of::()
+ || route == TypeId::of::())
+ && services.config.require_auth_for_profile_requests
+ && token.is_none()
+ {
+ return Err!(Request(Unauthorized(
+ "This server requires authentication to access user profiles."
+ )));
+ }
+
 ::verify(services, token, request, query, route).await
 }
 }
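Review bot: The guard added ahead of the final `verify` call in the third hunk keys on `token.is_none()`, which separates a request that sent no token from one that sent any token, not an authenticated caller from an anonymous one. Whether that is enough depends on the `verify` it delegates to, which is outside this hunk: if that path ever treats an unrecognised token as anonymous instead of returning an error, a request carrying an arbitrary token would get past `require_auth_for_profile_requests`. I would pin that assumption next to the check, e.g. `// relies on verify() below rejecting a present-but-invalid token`, and add a regression test that sends a missing, an invalid and a valid token to one of the four routes with the option enabled, since the commit title says this option had stopped working. The four-way `TypeId` comparison also fails open: a profile route added later stays unauthenticated until someone extends the list here, so a short comment saying so would help. The enclosing `impl` starts above the hunk.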