Add allowlist for MSC4133 profile keys

AGENTS.md

@@ -0,0 +1,17 @@
+# Contributor Guide
+
+Synapse is a Python application that has Rust modules via pyo3 for performance.
+
+## Dev Environment Tips
+- Source code is primarily in `synapse/`, tests are in `tests/`.
+- Run `poetry install --dev` to install development python dependencies. This will also build and install the Synapse rust code.
+- Use `./scripts-dev/lint.sh` to lint the codebase (this attempts to fix issues as well). This should be run and produce no errors before every commit.
+
+## Dev Tips
+- If any change creates a breaking change or requires downstream users (sysadmins) to update their environment, call it out in `docs/upgrade.md` as a new entry with the title "# Upgrading to vx.yy.z" with the details of what they should do or be aware of.
+
+## Testing Instructions
+- Find the CI plan in the .github/workflows folder.
+- Use `poetry run trial tests` to run all unit tests, or `poetry run trial tests.metrics.test_phone_home_stats.PhoneHomeStatsTestCase` (for example) to run a single test case. The commit should pass all tests before you merge.
+- Some typing warnings are expected currently. Fix any test or type *errors* until the whole suite is green.
+- Add or update relevant tests for the code you change, even if nobody asked.

synapse/config/experimental.py

@@ -21,7 +21,7 @@
 
 import enum
 from functools import cache
-from typing import TYPE_CHECKING, Any, Optional
+from typing import TYPE_CHECKING, Any, List, Optional
 
 import attr
 import attr.validators
@@ -552,6 +552,18 @@ def read_config(
         # MSC4133: Custom profile fields
         self.msc4133_enabled: bool = experimental.get("msc4133_enabled", False)
 
+        self.msc4133_key_allowlist: Optional[List[str]] = experimental.get(
+            "msc4133_key_allowlist"
+        )
+        if self.msc4133_key_allowlist is not None:
+            if not isinstance(self.msc4133_key_allowlist, list) or not all(
+                isinstance(k, str) for k in self.msc4133_key_allowlist
+            ):
+                raise ConfigError(
+                    "experimental_features.msc4133_key_allowlist must be a list of strings",
+                    ("experimental", "msc4133_key_allowlist"),
+                )
+
         # MSC4210: Remove legacy mentions
         self.msc4210_enabled: bool = experimental.get("msc4210_enabled", False)
 

synapse/handlers/profile.py

@@ -481,6 +481,14 @@ async def set_profile_field(
         if not by_admin and target_user != requester.user:
             raise AuthError(403, "Cannot set another user's profile")
 
+        allowlist = self.hs.config.experimental.msc4133_key_allowlist
+        if allowlist is not None and field_name not in allowlist:
+            raise SynapseError(
+                403,
+                "Changing this profile field is disabled on this server",
+                Codes.FORBIDDEN,
+            )
+
         await self.store.set_profile_field(target_user, field_name, new_value)
 
         # Custom fields do not propagate into the user directory *or* rooms.

tests/rest/client/test_profile.py

@@ -776,6 +776,34 @@ def test_set_custom_field_other(self) -> None:
         self.assertEqual(channel.code, 403, channel.result)
         self.assertEqual(channel.json_body["errcode"], Codes.FORBIDDEN)
 
+    @unittest.override_config(
+        {
+            "experimental_features": {
+                "msc4133_enabled": True,
+                "msc4133_key_allowlist": ["allowed_field"],
+            }
+        }
+    )
+    def test_set_custom_field_not_allowlisted(self) -> None:
+        """Setting a field not in the allowlist should be rejected."""
+        channel = self.make_request(
+            "PUT",
+            f"/_matrix/client/unstable/uk.tcpip.msc4133/profile/{self.owner}/blocked",
+            content={"blocked": "test"},
+            access_token=self.owner_tok,
+        )
+        self.assertEqual(channel.code, 403, channel.result)
+        self.assertEqual(channel.json_body["errcode"], Codes.FORBIDDEN)
+
+        # Allowed field should succeed.
+        channel = self.make_request(
+            "PUT",
+            f"/_matrix/client/unstable/uk.tcpip.msc4133/profile/{self.owner}/allowed_field",
+            content={"allowed_field": "ok"},
+            access_token=self.owner_tok,
+        )
+        self.assertEqual(channel.code, 200, channel.result)
+
     def _setup_local_files(self, names_and_props: Dict[str, Dict[str, Any]]) -> None:
         """Stores metadata about files in the database.