Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MSC2403: Add "knock" feature #2403

Merged
merged 74 commits into from
Mar 29, 2021
Merged
Changes from 8 commits
Commits
Show all changes
74 commits
Select commit Hold shift + click to select a range
501d7ec
add knock proposal
Sorunome Jan 9, 2020
bee4e9e
move to correct msc number
Sorunome Jan 9, 2020
1ef7c17
remove stray heading
Sorunome Jan 9, 2020
1396498
remove question regarding federation api version, as it has to be v2
Sorunome Jan 9, 2020
f0411a3
make clear displayname and avatar_url are optional, add status codes
Sorunome Jan 13, 2020
776436a
forgot to update one json example
Sorunome Jan 13, 2020
53435d4
update with new endpoints
Sorunome Jan 19, 2020
5ae462d
address issues
Sorunome Feb 7, 2020
d47cb1f
Small grammatical fixes
anoadragon453 Aug 17, 2020
c92752d
Reflow text to <79 chars
anoadragon453 Aug 17, 2020
38d6708
Note that spam is a preventable, but real possibility as a result
anoadragon453 Aug 17, 2020
de038f5
Fix the response format of send_knock
anoadragon453 Aug 17, 2020
39c2168
small grammar
anoadragon453 Aug 21, 2020
74a341a
Mention that knock -> ban is possible
anoadragon453 Aug 21, 2020
716db4e
Spell out some possible abuse vectors and how to mitigate them
anoadragon453 Aug 21, 2020
d6d5858
knock->knock and rescinding of knocks are not allowed
anoadragon453 Aug 21, 2020
1051084
Switch from Power Levels -> Join Rules
anoadragon453 Aug 21, 2020
bc90f1c
Fix typo
anoadragon453 Aug 25, 2020
aad6ff4
Remove remaining traces of [200, {}] response format
anoadragon453 Aug 25, 2020
f3fc539
Move client recommendations into its own section
anoadragon453 Aug 27, 2020
651e73b
It's possible to fight against spam
anoadragon453 Aug 27, 2020
965c47b
Remove unnecessary sentence
anoadragon453 Aug 27, 2020
ae8ec66
Spec how a client is notified of pending knock progress
anoadragon453 Aug 27, 2020
5bfd65c
Federation knock_room_state and minor cleanup
anoadragon453 Aug 28, 2020
e93a19f
Indicate that this proposal requires a new room version
anoadragon453 Sep 2, 2020
c9a7b44
Merge branch 'soru/knock' of github.com:sorunome/matrix-doc into soru…
anoadragon453 Sep 2, 2020
58cb299
Update proposals/2403-knock.md
anoadragon453 Sep 3, 2020
703fa07
Remove extraneous text
anoadragon453 Sep 3, 2020
61fea58
Merge branch 'soru/knock' of github.com:sorunome/matrix-doc into soru…
anoadragon453 Sep 3, 2020
630f7c4
Allow users to knock over and over, removing CS complexity
anoadragon453 Sep 4, 2020
fd9d57b
Match state events sent to a remote server when inviting a user
anoadragon453 Sep 4, 2020
6e47e86
Add unstable endpoint replacements
anoadragon453 Sep 16, 2020
340f888
Mention unstable prefixes for sync, join_rules and membership events
anoadragon453 Sep 16, 2020
e58e207
Go into more depth about membership changes surrounding knocking
anoadragon453 Oct 1, 2020
9e5ac04
Explicitly state that the hs that received the knock must put in the …
anoadragon453 Oct 1, 2020
fd8176b
Clarify endpoint calls clients and servers need to use to handle knocks
anoadragon453 Oct 1, 2020
6b99228
Remove section duplicated by membership change section
anoadragon453 Oct 1, 2020
5097fad
Fix unstable prefix bullet points
anoadragon453 Oct 1, 2020
6f7bcb6
Explicitly state what changes to the auth rules are necessary
anoadragon453 Oct 1, 2020
525d1d3
Some clarifications and wording fixes
anoadragon453 Oct 5, 2020
a924f5b
Fix incorrect assumptions about the sender field of a knock event
anoadragon453 Oct 5, 2020
815dae6
Note that redactions of knocks are not a concern
anoadragon453 Oct 8, 2020
6c75b83
Address Travis and Patrick's feedback
anoadragon453 Nov 20, 2020
7dcff8f
Disallow invite->knock membership changes
anoadragon453 Nov 27, 2020
42e01b8
Add join_rules to room chunks returned on a public room dir query
anoadragon453 Feb 2, 2021
e99649c
Foreshadow power level requirements for approval/denial of knock
anoadragon453 Feb 8, 2021
51a7778
typo
anoadragon453 Feb 8, 2021
6a0d07c
Public rooms directory backwards compatibility note
anoadragon453 Feb 9, 2021
5c620de
typo fix
anoadragon453 Feb 10, 2021
d5a2a28
Note clients should try to prevent impersonation attacks during knocking
anoadragon453 Feb 15, 2021
8400877
Make ver a required parameter for make_knock
anoadragon453 Feb 17, 2021
337c87b
Add 404 on make_knock if unknown room ID
anoadragon453 Feb 17, 2021
04cd6b3
fix typo
anoadragon453 Feb 17, 2021
74f3b12
Note experimental room version ID
anoadragon453 Feb 17, 2021
248a3da
Switch /send_knock/ from v2 to v1; leave a note as to why
anoadragon453 Feb 18, 2021
eda6584
Comment on push rules
anoadragon453 Feb 18, 2021
24f61c2
Note that implementations may choose to auto-accept knock-related inv…
anoadragon453 Feb 18, 2021
e790ad2
Apply suggestions from code review
anoadragon453 Feb 24, 2021
49a7286
Allow knock->knock transitions
anoadragon453 Feb 26, 2021
c9f34e8
Link to /join/roomIdOrAlias
anoadragon453 Mar 3, 2021
c575f88
Move endpoint extras under endpoint's header
anoadragon453 Mar 3, 2021
53ad7e3
Ensure we return the room_id after knocking via the CS API
anoadragon453 Mar 3, 2021
09018be
Link to existing spec documentation on the public rooms directory
anoadragon453 Mar 3, 2021
c915b64
Update alternatives section
anoadragon453 Mar 3, 2021
6556b95
Move API endpoint sections up to the top of the proposal
anoadragon453 Mar 3, 2021
ef840c1
Split the 'Membership change to ' section into rejecting/rescinding k…
anoadragon453 Mar 3, 2021
8bfef19
Remove further traces of old /rooms/roomId/knock CS endpoint
anoadragon453 Mar 3, 2021
68d2d7c
Note that homeservers should pass down invites to the client if they …
anoadragon453 Mar 9, 2021
7f0b2d6
Update unstable endpoints from i.e xyz.amorgan/knock -> xyz.amorgan.k…
anoadragon453 Mar 23, 2021
a1a40c6
Be consistent about event auth rules
anoadragon453 Mar 23, 2021
11996fb
clarify some words
anoadragon453 Mar 24, 2021
10267df
Add missing 403/404 response codes
anoadragon453 Mar 24, 2021
9ebfd98
Apply suggestions from code review
anoadragon453 Mar 24, 2021
a8f4ada
Make join_rules field of PublicRoomChunk an optional value
anoadragon453 Mar 24, 2021
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
261 changes: 261 additions & 0 deletions proposals/2403-knock.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,261 @@
# MSC2403: Add "knock" feature
Many people are in invite-only rooms. Sometimes, someone wants to join such a room and can't, as
they aren't invited. This proposal adds a feature for this user to indicate that they want to join
said room.

# Proposal
This proposal implements the reserved "knock" membership type for the `m.room.member` state event.
This state event indicates that a user knocks a room, that is asking for permission to join. It
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
contains an optional "reason" parameter to specify the reason you want to join. Like other
membership types the parameters "displayname" and "avatar_url" are optional. This membership can
be set from users who aren't currently in said room. An example for the membership would look as
follows:
```json
{
"membership": "knock",
"displayname": "Alice",
"avatar_url": "mxc://example.org/avatar",
"reason": "I want to join this room as I really love foxes!"
}
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
```

After a knock is received in a room it is expected to be displayed in the timeline, similar to other
Sorunome marked this conversation as resolved.
Show resolved Hide resolved
membership changes. It is recommended to not display the reason until the user interacts with the
client in some way (e.g. clicking on a "show reason" button), as else this would basically allow
outsiders to send messages into the room. Clients can optionally add a way for users of a room to
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
review all current knocks. After a knock in a room, a member of the room can invite the knocker.

To be able to implement this properly two new endpoints need to be added, one in the client-server
API and one in the server-server API.

## Restrictions
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
There are restrictions to being able to set this membership.

### Current membership
Only users without a current membership or with their current membership being "leave" can knock a
room. This means that a user that is banned or currently in the room can't knock on it.

### Join Rules
The `join_rule` of `m.room.join_rules` must be set to "invite". This means that people can't knock
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
in public rooms. Additionally the new join rule "private" is introduced. This is so that people can,
when creating a new room, prevent anyone from knocking.
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved

### Power levels
The default power level for "knock" is the default power level for the room. If a user has a too low
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
power level to knock they aren't allowed to do this. As power levels can be set for users not currently
in the room this can be used as a way to limit who can knock and who can't.

#### Example:
`@alice:example.org` CAN knock, but `@bob:example.org` can't: The (incomplete) content of
`m.room.power_levels` is as follows:
```json
{
"users": {
"@alice:example.org": 1
},
"users_default": 0,
"knock": 1
}
```

## Membership changes
Once someone has sent the `knock` membership into the room a change to the following memberships is
possible:
- `invite`: The knock was accepted by someone inside the room and they are inviting the knocker into
the room.
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
- `leave`: Similar to how kicks are handled, the knock was rejected.

## Client-Server API
Two new endpoints are introduced in the client-server API (similarly to join):
`POST /_matrix/client/r0/rooms/{roomId}/knock` and `POST /_matrix/client/r0/knock/{roomIdOrAlias}`.

anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
### `POST /_matrix/client/r0/rooms/{roomId}/knock`
The path parameter (`roomId`) is the room you want to knock. It is required. The post body accepts
an optional parameter, `reason`, which is the reason you want to join the room. A request could look
as follows:

```
POST /_matrix/client/r0/rooms/%21d41d8cd%3Amatrix.org/knock HTTP/1.1
Content-Type: application/json

{
"reason": "I want to join this room as I really love foxes!"
}
```

#### Responses:
##### Status code 200:
The user knocked successfully. Empty reply:
```json
{}
```

##### Status code 400:
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
This request was invalid, e.g. bad JSON. Example reply:
```json
{
"errcode": "M_UNKNOWN",
"error": "An unknown error occurred"
}
```

##### Status code 403:
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
The user wasn't allowed to knock (e.g. they are banned). Error reply:
```json
{
"errcode": "M_FORBIDDEN",
"error": "The user isn't allowed to knock in this room."
}
```

##### Status code 429:
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
This request was rate-limited. Example reply:
```json
{
"errcode": "M_LIMIT_EXCEEDED",
"error": "Too many requests",
"retry_after_ms": 2000
}
```

### `POST /_matrix/client/r0/knock/{roomIdOrAlias}`
The path parameter (`roomIdOrAlias`) is either the room ID or the alias of the room you want to
knock. Additionally several `server_name` parameters can be specified via the query parameters. The
post body accepts an optional parameter, `reason`, which is the reason you want to join the room. A
request could look as follows:

```
POST /_matrix/client/r0/knock/%23monkeys%3Amatrix.org?server_name=matrix.org&server_name=elsewhere.ca HTTP/1.1
Content-Type: application/json

{
"reason": "I want to join this room as I really love foxes!"
}
```

#### Responses:
The possible responses are the same as for the `POST /_matrix/client/r0/rooms/{roomId}/knock` endpoint.

## Server-Server API
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
Similarly to join and leave over federation, a ping-pong game with two new endpoints is introduced:
`make_knock` and `send_knock`. Both endpoints must be protected via server ACLs.

### `GET /_matrix/federation/v1/make_knock/{roomId}/{userId}`

Asks the receiving server to return information that the sending server will need to prepare a knock
event to get into the room.

Request format:

| Parameter | Type | Description |
|-----------|------|-------------|
| Path parameters:
| roomId | string | Required. The room ID that should receive the knock.
| userId | string | Required. The user ID the knock event will be for.
| Query Parameters:
| ver | [string] | The room versions the sending server has support for. Defaults to `[1]`.
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved

Response Format:

| Parameter | Type | Description |
|-----------|------|-------------|
| room_version | string | The version of the room where the server is trying to knock.
| event | Event Template | An unsigned template event. May differ between room versions.

#### Responses
##### Status code 200:
Returns a template to be used to knock rooms. May depend on room version.
```json
{
"room_version": "2",
"event": {
"type": "m.room.member",
"room_id": "!somewhere:example.org",
"content": {
"membership": "knock"
},
"state_key": "@someone:example.org",
"origin": "example.org",
"origin_server_ts": 1549041175876,
"sender": "@someone:example.org"
}
}
```

##### Status code 400:
This request was invalid, e.g. bad JSON. Example reply:
```json
{
"errcode": "M_INCOMPATIBLE_ROOM_VERSION",
"error": "Your homeserver does not support the features required to join this room",
"room_version": "3"
}
```

anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
### `PUT /_matrix/federation/v1/send_knock/{roomId}/{eventId}`
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
Submits a signed knock event to the resident server for it to accept into the room's graph. Note
that event format may differ between room versions.

Request format:

| Parameter | Type | Description |
|-----------|------|-------------|
| Path parameters:
| roomId | string | Required. The room ID that should receive the knock.
| eventId | string | Required. The event ID for the knock event.

The JSON body is expected to be the full event.

Response Format:

| Parameter | Type | Description |
|-----------|------|-------------|
| <body> | [integer, Empty Object] |

A request could look as follows:
```
PUT /_matrix/federation/v1/send_knock/%21abc123%3Amatrix.org/%24abc123%3Aexample.org HTTP/1.1
Content-Type: application/json

{
"sender": "@someone:example.org",
"origin": "matrix.org",
"origin_server_ts": 1234567890,
"type": "m.room.member",
"state_key": "@someone:example.org",
"content": {
"membership": "knock",
"displayname": "Alice",
"avatar_url": "mxc://example.org/avatar",
"reason": "I want to join this room as I really love foxes!"
}
}
```

#### Response:
##### Status code 200:
The event was successfully accepted into the graph by the receiving homeserver.
```json
[
200,
{}
]
```
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved

# Potential issues
richvdh marked this conversation as resolved.
Show resolved Hide resolved
This new feature would allow users to spam rooms that they don't partake in. That is why this proposal
adds both the new join rule and the new power level, in order to allow room admins to mitigate such
potential spam.

# Alternatives
As for the join rule "invite", instead the join rule "knock" could be introduced, meaning the room
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
is like "invite" only that people can also knock. The difference is for existing rooms: With this
proposal people can knock in existing "invite" rooms, with the alternative suggestion they can't.

The two endpoints for the client-server API seem redundant, this MSC followed how JOIN is working
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
currently: One "proper" endpoint (`/rooms/{roomId}/join`) and one to work properly over federation
(`/join/{roomIdOrAlias}`). They could both be merged into one, however, as that would also affect
the join endpoint it seems out-of-scope for this MSC.

anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
# Security considerations
Sorunome marked this conversation as resolved.
Show resolved Hide resolved
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
None. This doesn't allow users access to a room in any way.
turt2live marked this conversation as resolved.
Show resolved Hide resolved
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved