Restrict displayname and email changes of users

This allows users to change their displayname and email only if the config allows it
2025-08-07 17:03:01 +03:00 · 2024-03-29 14:28:54 +01:00
parent e080932906
commit ae1f244b28
2 changed files with 23 additions and 2 deletions
--- a/crates/graphql/src/mutations/matrix.rs
+++ b/crates/graphql/src/mutations/matrix.rs
@@ -1,4 +1,4 @@
-// Copyright 2023 The Matrix.org Foundation C.I.C.
+// Copyright 2023, 2024 The Matrix.org Foundation C.I.C.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -87,6 +87,11 @@ impl MatrixMutations {
            return Err(async_graphql::Error::new("Unauthorized"));
        }

+        // Allow non-admins to change their display name if the site config allows it
+        if !requester.is_admin() && !state.site_config().displayname_change_allowed {
+            return Err(async_graphql::Error::new("Unauthorized"));
+        }
+
        let mut repo = state.repository().await?;
        let user = repo
            .user()
--- a/crates/graphql/src/mutations/user_email.rs
+++ b/crates/graphql/src/mutations/user_email.rs
@@ -1,4 +1,4 @@
-// Copyright 2023 The Matrix.org Foundation C.I.C.
+// Copyright 2023, 2024 The Matrix.org Foundation C.I.C.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -389,6 +389,11 @@ impl UserEmailMutations {
            return Err(async_graphql::Error::new("Unauthorized"));
        }

+        // Allow non-admins to change their email address if the site config allows it
+        if !requester.is_admin() && !state.site_config().email_change_allowed {
+            return Err(async_graphql::Error::new("Unauthorized"));
+        }
+
        // Only admins can skip validation
        if (input.skip_verification.is_some() || input.skip_policy_check.is_some())
            && !requester.is_admin()
@@ -600,6 +605,11 @@ impl UserEmailMutations {
            return Ok(RemoveEmailPayload::NotFound);
        }

+        // Allow non-admins to remove their email address if the site config allows it
+        if !requester.is_admin() && !state.site_config().email_change_allowed {
+            return Err(async_graphql::Error::new("Unauthorized"));
+        }
+
        let user = repo
            .user()
            .lookup(user_email.user_id)
@@ -644,6 +654,12 @@ impl UserEmailMutations {
            return Err(async_graphql::Error::new("Unauthorized"));
        }

+        // Allow non-admins to change their primary email address if the site config
+        // allows it
+        if !requester.is_admin() && !state.site_config().email_change_allowed {
+            return Err(async_graphql::Error::new("Unauthorized"));
+        }
+
        if user_email.confirmed_at.is_none() {
            return Ok(SetPrimaryEmailPayload::Unverified);
        }