|
| 1 | +# MSCXXXX: A code for account suspension |
| 2 | + |
| 3 | +This MSC introduces a new error code that servers may send to clarify that an account has been |
| 4 | +suspended *temporarily* but may still be reactivated. |
| 5 | + |
| 6 | +## Proposal |
| 7 | + |
| 8 | +### Introduction |
| 9 | + |
| 10 | +Matrix has a code `M_USER_DEACTIVATED` that a server may return to describe an account that has been |
| 11 | +deactivated. So far, this code has been used to represent accounts that have been *permanently* |
| 12 | +deactivated. In particular, clients that interpret this error code display it imply that the account |
| 13 | +has been *permanently* deactivated. |
| 14 | + |
| 15 | +However, some countries (e.g. UK) have laws that require the ability to appeal account |
| 16 | +deactivations. This requires the ability to specify that an account is *reversibly* |
| 17 | +suspended and let users know about the appeals procedure. |
| 18 | + |
| 19 | +This MSC simply introduces a new error code `M_USER_ACCOUNT_SUSPENDED` that servers may send to |
| 20 | +clarify that an account has been suspended but that the solution may still be resolved either by |
| 21 | +an appeal or by e.g. clearing up some abusive messages. |
| 22 | + |
| 23 | +This MSC does *not* specify a mechanism to suspend or unsuspend the account or to handle appeals. |
| 24 | + |
| 25 | +### Proposal |
| 26 | + |
| 27 | +Introduce a new error code `M_USER_ACCOUNT_SUSPENDED`. This error code MAY be sent by the server |
| 28 | +whenever a client attempts to use an API on behalf of a user whose account has been suspended. |
| 29 | + |
| 30 | +| Name | Type | Value | |
| 31 | +|------|------|-------| |
| 32 | +| `href` | string | (optional) If specified, a URL containing more information for the user, such as action needed. | |
| 33 | + |
| 34 | +The client is in charge of displaying an error message understandable by the user in case of `M_USER_ACCOUNT_SUSPENDED`, |
| 35 | +as well as a link to `href`. |
| 36 | + |
| 37 | +The web server serving `href` is in charge of localizing the message, using existing HTTP mechanisms, |
| 38 | +to adapt the page to the end user's locale. |
| 39 | + |
| 40 | +#### Examples |
| 41 | + |
| 42 | +Returning a static page: |
| 43 | + |
| 44 | +```json |
| 45 | +{ |
| 46 | + "errcode": "M_USER_ACCOUNT_SUSPENDED", |
| 47 | + "error": "The user account has been suspended, see link for details", |
| 48 | + "href": "https://example.org/help/my-account-is-suspended-what-can-i-do |
| 49 | +} |
| 50 | +``` |
| 51 | + |
| 52 | +Returning a dynamic page customized for this specific user: |
| 53 | + |
| 54 | +```json |
| 55 | +{ |
| 56 | + "errcode": "M_USER_ACCOUNT_SUSPENDED", |
| 57 | + "error": "The user account has been suspended, see link for details", |
| 58 | + "href": "https://example.org/action-needed/please-redact-events?event-id=$event_1:example.org&event-id=$event_2:example.org |
| 59 | +} |
| 60 | +``` |
| 61 | + |
| 62 | + |
| 63 | +### Potential issues |
| 64 | + |
| 65 | +See security considerations. |
| 66 | + |
| 67 | +### Alternatives |
| 68 | + |
| 69 | +We could reuse `M_USER_DEACTIVATED` and introduce an additional field: |
| 70 | + |
| 71 | +| Name | Type | Value | |
| 72 | +|------|------|-------| |
| 73 | +| `permanent` | boolean | (optional) If `false`, the account may still be reactivated. | |
| 74 | + |
| 75 | +in addition to the fields mentioned previously. |
| 76 | + |
| 77 | +### Security considerations |
| 78 | + |
| 79 | +This has the potential to expose private data. |
| 80 | + |
| 81 | +To avoid this, any `M_USER_ACCOUNT_SUSPENDED` MUST NOT be sent without authentication. |
0 commit comments