Skip to content

MSC4323: User suspension & locking endpoints #4323

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 15 commits into
base: main
Choose a base branch
from
Open

MSC4323: User suspension & locking endpoints #4323

wants to merge 15 commits into from
+147 −0

Conversation

nexy7574
Copy link

@nexy7574 nexy7574 commented Aug 6, 2025
edited
Loading

turt2live
turt2live reviewed Aug 6, 2025
View reviewed changes
proposals/4323-agnostic-suspend-and-lock.md
Copy link
Member

@turt2live turt2live Aug 6, 2025
edited by anoadragon453
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Implementation requirements:

  • Server

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Continuwuity has a PR that implements the suspension endpoints and authenticated capability advertisement (but not locking because that's not implemented under the hood either) - https://forgejo.ellis.link/continuwuation/continuwuity/pulls/967

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Despite not implementing the lock endpoints, I think this serves as a suitable implementation. The semantics for lock would mirror suspend.

@turt2live turt2live added proposal A matrix spec change proposal client-server Client-Server API kind:feature MSC for not-core and not-maintenance stuff needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. safety labels Aug 6, 2025
turt2live
turt2live approved these changes Aug 6, 2025
View reviewed changes
Copy link
Member

@turt2live turt2live left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm on principle

tulir
tulir reviewed Aug 6, 2025
View reviewed changes
tulir
tulir reviewed Aug 6, 2025
View reviewed changes
Johennes
Johennes reviewed Aug 7, 2025
View reviewed changes
@anoadragon453 anoadragon453 removed the needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. label Sep 1, 2025
@anoadragon453
Copy link
Member

This looks good to start collecting ticks given its simplicity and that it has an implementation.

@mscbot fcp merge

@mscbot
Copy link
Collaborator

mscbot commented Sep 1, 2025
edited by clokep
Loading

Team member @mscbot has proposed to merge this. The next step is review by the rest of the tagged people:

Concerns:

  • Checklist not started/complete

Once at least 75% of reviewers approve (and there are no outstanding concerns), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up!

See this document for information about what commands tagged team members can give me.

@mscbot mscbot added proposed-final-comment-period Currently awaiting signoff of a majority of team members in order to enter the final comment period. disposition-merge labels Sep 1, 2025
@turt2live
Copy link
Member

turt2live commented Sep 2, 2025
edited by tulir
Loading

MSCs proposed for Final Comment Period (FCP) should meet the requirements outlined in the checklist prior to being accepted into the spec. This checklist is a bit long, but aims to reduce the number of follow-on MSCs after a feature lands.

SCT members: please check off things you check for, and raise a concern against FCP if the checklist is incomplete. If an item doesn't apply, prefer to check it rather than remove it. Unchecking items is encouraged where applicable.

Checklist:

  • Are appropriate implementation(s) specified in the MSC’s PR description?
  • Are all MSCs that this MSC depends on already accepted?
  • For each new endpoint that is introduced:
    • Have authentication requirements been specified?
    • Have rate-limiting requirements been specified?
    • Have guest access requirements been specified?
    • Are error responses specified?
      • Does each error case have a specified errcode (e.g. M_FORBIDDEN) and HTTP status code?
        • If a new errcode is introduced, is it clear that it is new?
  • Will the MSC require a new room version, and if so, has that been made clear?
    • Is the reason for a new room version clearly stated? For example, modifying the set of redacted fields changes how event IDs are calculated, thus requiring a new room version.
  • Are backwards-compatibility concerns appropriately addressed?
  • Are the endpoint conventions honoured?
    • Do HTTP endpoints use_underscores_like_this?
    • Will the endpoint return unbounded data? If so, has pagination been considered?
    • If the endpoint utilises pagination, is it consistent with the appendices?
  • An introduction exists and clearly outlines the problem being solved. Ideally, the first paragraph should be understandable by a non-technical audience.
  • All outstanding threads are resolved
    • All feedback is incorporated into the proposal text itself, either as a fix or noted as an alternative
  • While the exact sections do not need to be present, the details implied by the proposal template are covered. Namely:
    • Introduction
    • Proposal text
    • Potential issues
    • Alternatives
    • Dependencies
  • Stable identifiers are used throughout the proposal, except for the unstable prefix section
    • Unstable prefixes consider the awkward accepted-but-not-merged state
    • Chosen unstable prefixes do not pollute any global namespace (use “org.matrix.mscXXXX”, not “org.matrix”).
  • Changes have applicable Sign Off from all authors/editors/contributors
  • There is a dedicated "Security Considerations" section which detail any possible attacks/vulnerabilities this proposal may introduce, even if this is "None.". See RFC3552 for things to think about, but in particular pay attention to the OWASP Top Ten.

@turt2live
Copy link
Member

@mscbot concern Checklist not started/complete

@mscbot mscbot added the unresolved-concerns This proposal has at least one outstanding concern label Sep 2, 2025
@github-project-automation github-project-automation bot moved this to Tracking for review in Spec Core Team Workflow Sep 2, 2025
@turt2live turt2live moved this from Tracking for review to Ready for FCP ticks in Spec Core Team Workflow Sep 2, 2025
tulir
tulir reviewed Sep 2, 2025
View reviewed changes
tulir
tulir reviewed Sep 2, 2025
View reviewed changes
dbkr
dbkr reviewed Sep 2, 2025
View reviewed changes
dbkr
dbkr reviewed Sep 2, 2025
View reviewed changes
dbkr
dbkr reviewed Sep 2, 2025
View reviewed changes
dbkr
dbkr reviewed Sep 2, 2025
View reviewed changes
dbkr
dbkr reviewed Sep 2, 2025
View reviewed changes
dbkr
dbkr reviewed Sep 2, 2025
View reviewed changes
clokep
clokep reviewed Sep 2, 2025
View reviewed changes
uhoreg
uhoreg reviewed Sep 2, 2025
View reviewed changes
@turt2live turt2live added the 00-weekly-pings Tracking for weekly pings in the SCT office. 00 to make it first in the labels list. label Sep 5, 2025
@turt2live turt2live self-requested a review September 5, 2025 18:42
@tulir
Copy link
Member

tulir commented Sep 9, 2025

@mscbot resolve Checklist not started/complete

@mscbot mscbot removed the unresolved-concerns This proposal has at least one outstanding concern label Sep 9, 2025
clokep
clokep approved these changes Sep 10, 2025
View reviewed changes
@nexy7574 nexy7574 changed the title MSC4323: Agnostic user suspension & locking endpoints MSC4323: User suspension & locking endpoints Sep 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@clokep clokep clokep approved these changes

@dbkr dbkr dbkr left review comments

@uhoreg uhoreg uhoreg left review comments

@anoadragon453 anoadragon453 anoadragon453 left review comments

@tulir tulir tulir left review comments

@turt2live turt2live Awaiting requested review from turt2live

+2 more reviewers

@Johennes Johennes Johennes left review comments

@Gnuxie Gnuxie Gnuxie left review comments

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
00-weekly-pings Tracking for weekly pings in the SCT office. 00 to make it first in the labels list. client-server Client-Server API disposition-merge kind:feature MSC for not-core and not-maintenance stuff proposal A matrix spec change proposal proposed-final-comment-period Currently awaiting signoff of a majority of team members in order to enter the final comment period. safety
Projects
Spec Core Team Workflow
Status: Ready for FCP ticks
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
10 participants
@nexy7574 @anoadragon453 @mscbot @turt2live @tulir @clokep @dbkr @uhoreg @Johennes @Gnuxie