Kicking an external user gives an error, even though it should be allowed by the specification

[matrixbot]

This issue has been migrated from #16736.

---

Description

The specification allows kicking an external user (https://spec.matrix.org/v1.8/client-server-api/#room-membership):

However, Synapse returns an error when you try to kick a user that is external:

{'errcode': 'M_FORBIDDEN', 'error': 'The target user is not in the room'}

Steps to reproduce

• Create a room
• Try to kick a user that is not in the room

Homeserver

local

Synapse Version

v1.93.0

Installation Method

Docker (matrixdotorg/synapse)

Database

SQLite

Workers

Single process

Platform

Docker Container (matrixdotorg/synapse:v1.93.0)

Configuration

We use the default homeserver options, but with ratelimiting disabled.

Relevant log output

n/a

Anything else that would be useful to know?

No response

[girlbossceo]

Not sure if I'm reading the spec wrong but maybe this just needs to be a spec clarification?

Only the room membership diagram is saying kicking external users are allowed (modifying their membership to be leave), but the actual /kick endpoint at https://spec.matrix.org/v1.8/client-server-api/#post_matrixclientv3roomsroomidkick says an acceptable 403 error could be:

The kickee is not currently in the room.

Conduit also has this same behaviour of not kicking users who aren't in the room in the first place.
This is probably a spec question but what would the use-case be for kicking users who are not in the room? It makes sense for preemptive banning, but I don't see the usecase for "preemptive kicks".