style: Clean up whoami code

chore: Add news fragment
fix: Return 403 instead of 404 at /_matrix/client/v3/account/whoami
2026-04-25 09:02:19 +00:00 · 2026-01-09 01:12:38 +00:00 · 2026-01-09 00:47:09 +00:00 · 2026-01-09 00:44:38 +00:00 · 2026-01-08 19:28:27 +00:00 · 2026-01-08 19:28:27 +00:00
3 changed files with 2824 additions and 3 deletions
--- a/changelog.d/1276.bugfix
+++ b/changelog.d/1276.bugfix
@@ -0,0 +1 @@
+Fixed the whoami endpoint returning HTTP 404 instead of HTTP 403, which confused some appservices. Contributed by @nex.
--- a/docs/admin_reference.md
+++ b/docs/admin_reference.md
--- a/src/api/client/account.rs
+++ b/src/api/client/account.rs
@@ -724,7 +724,7 @@ pub(crate) async fn change_password_route(
 	Ok(change_password::v3::Response {})
 }

-/// # `GET _matrix/client/r0/account/whoami`
+/// # `GET /_matrix/client/v3/account/whoami`
 ///
 /// Get `user_id` of the sender user.
 ///
@@ -733,11 +733,17 @@ pub(crate) async fn whoami_route(
 	State(services): State<crate::State>,
 	body: Ruma<whoami::v3::Request>,
 ) -> Result<whoami::v3::Response> {
+	let is_guest = services
+		.users
+		.is_deactivated(body.sender_user())
+		.await
+		.map_err(|_| {
+			err!(Request(Forbidden("Application service has not registered this user.")))
+		})? && body.appservice_info.is_none();
 	Ok(whoami::v3::Response {
 		user_id: body.sender_user().to_owned(),
 		device_id: body.sender_device.clone(),
-		is_guest: services.users.is_deactivated(body.sender_user()).await?
-			&& body.appservice_info.is_none(),
+		is_guest,
 	})
 }
Author	SHA1	Message	Date
timedout	5a2a1b6240	style: Clean up whoami code	2026-01-09 01:12:38 +00:00
timedout	fb536ca1ce	chore: Add news fragment	2026-01-09 00:47:09 +00:00
timedout	d22d47954f	fix: Return 403 instead of 404 at /_matrix/client/v3/account/whoami	2026-01-09 00:44:38 +00:00
Ginger	d48cc46643	fix: Allow `cargo_common_metadata` clippy lint	2026-01-08 19:28:27 +00:00
Ginger	8cf2d175d6	fix: Update package and crate metadata	2026-01-08 19:28:27 +00:00
Ginger	205ac22008	chore: Update admin command documentation	2026-01-08 14:27:50 -05:00
				`@@ -0,0 +1 @@`
				`Fixed the whoami endpoint returning HTTP 404 instead of HTTP 403, which confused some appservices. Contributed by @nex.`