synapse icon indicating copy to clipboard operation
synapse copied to clipboard
verified publisher icon element-hq

"enable_set_displayname: false" still allows users to change their local room display name

Open thenicnet opened this issue 1 year ago • 1 comments

Description

Hello all. I bring to you today an oddly specific issue.

I am running a Synapse server (v1.103.0) and Element-Web frontend (v1.11.62) both via docker images. Users log into the environment using their LDAP credentials.

We decided it would be best to set "enable_set_displayname" to false in order to keep users using the LDAP provided display names.

While the setting does disable the ability for users to set their display name globally (/nick), they can still set their room display name (/myroomnick).

My initial expectation is that the setting would disable user abilities to use either of the commands that change their display name. When that wasn't the case, I was thinking I missed another setting to disable the (/myroomnick) option, but that doesn't seem to be the case.

I am unsure as to the best path forward. I suppose if the "enable_set_displayname" is set to false, most people would expect that to disable custom display names completely. But, in the interest of more customization maybe it could be another setting to disable the (/myroomnick).

If it turns out I missed an existing option, I'm sorry you wasted your time reading this.

Steps to reproduce

  • Build a fresh synapse & element-web environment
  • Deploy successful ldap configuration
  • add enable_set_displayname: false to homeserver.yaml
  • have a non-admin user use /myroomnick to set a custom display name for the room

Homeserver

private homeserver

Synapse Version

1.103.0

Installation Method

Docker (matrixdotorg/synapse)

Database

  • PostgresSQL v16.2, single server, no I have not ported, no I have not restored from a backup.

Workers

Single process

Platform

Synapse is running on a RHEL 8.9 VM under a ESXi hypervisor. The containers are running via docker-ce-25.0.3-1.el8.x86_64, using docker compose.

Configuration

-Server Notices -User Consent -ldap_auth_provider.LdapAuthProviderModule -auto_join_rooms -enable_set_displayname: false -enable_3pid_changes: false

Relevant log output

Unfortunately I can not provide logs at this time. This is an air-gapped system.

Anything else that would be useful to know?

I guess this might be considered a feature request instead of a bug? I'm sorry I'm not sure how to categorize it, bug seemed like the place to start. If I need to recreate this as a feature request please let me know.

thenicnet avatar Apr 04 '24 13:04 thenicnet

This feels like a reasonable expectation.

The enable_set_displayname: false option disables the API endpoint to set a displayname globally, but as you've noticed some clients have a /myroomnick (or similar) command which instead manually sends a single m.room.member state event to update the user's name in one particular room.

I think this is fair to call a bug, but it also is fair to call a feature request. But since it's not documented as a limitation even though it's a reasonable expectation, I'd say bug :p.

reivilibre avatar May 09 '24 13:05 reivilibre