synapse icon indicating copy to clipboard operation
synapse copied to clipboard
verified publisher icon element-hq

`GET /_matrix/federation/v1/query/profile` response violates OpenAPI schema

Open harri-han opened this issue 8 months ago • 1 comments

https://spec.matrix.org/v1.11/server-server-api/#get_matrixfederationv1queryprofile states that the response fields avatar_url and displayname shall be either string valued or omitted altogether, but never null.

The code at https://github.com/element-hq/synapse/blob/44ae5362fd952dbb209f4b52ee9c96641163f032/synapse/handlers/profile.py#L539C1-L546C1 however leaks through NULL values from the SQL database and so may result in null values being emitted in the JSON response where none are allowed by the OpenAPI schema.

A trival fix would be to simply add is not None if-clauses before setting the respective key in the response: JsonDict, i.e. something along the lines of

         response: JsonDict = {}
         try:
             if just_field is None or just_field == ProfileFields.DISPLAYNAME:
                tmp = await self.store.get_profile_displayname(user)
                if tmp is not None:
                    response["displayname"] = tmp
             if just_field is None or just_field == ProfileFields.AVATAR_URL:
                tmp = await self.store.get_profile_avatar_url(user)
                if tmp is not None:
                    response["avatar_url"] = tmp

harri-han avatar May 15 '25 14:05 harri-han

I think the client-server API is fixed in the unstable version that are disabled by default.

clokep avatar May 15 '25 16:05 clokep