Shuffle things around a bit

2026-01-01 03:03:10 -06:00 · 2022-04-28 16:58:29 +01:00 · 2022-04-28 16:58:29 +01:00 · 32eda925c0
parent 43b44a3d15
commit 32eda925c0
8 changed files with 24 additions and 13 deletions
--- a/build/gobind-pinecone/monolith.go
+++ b/build/gobind-pinecone/monolith.go
@ -259,6 +259,8 @@ func (m *DendriteMonolith) Start() {
 	cfg.MediaAPI.BasePath = config.Path(fmt.Sprintf("%s/media", m.CacheDirectory))
 	cfg.MediaAPI.AbsBasePath = config.Path(fmt.Sprintf("%s/media", m.CacheDirectory))
 	cfg.MSCs.MSCs = []string{"msc2836", "msc2946"}
+	cfg.ClientAPI.RegistrationDisabled = false
+	cfg.ClientAPI.OpenRegistrationWithoutVerificationEnabled = true
 	if err := cfg.Derive(); err != nil {
 		panic(err)
 	}
--- a/build/gobind-yggdrasil/monolith.go
+++ b/build/gobind-yggdrasil/monolith.go
@ -97,6 +97,8 @@ func (m *DendriteMonolith) Start() {
 	cfg.AppServiceAPI.Database.ConnectionString = config.DataSource(fmt.Sprintf("file:%s/dendrite-p2p-appservice.db", m.StorageDirectory))
 	cfg.MediaAPI.BasePath = config.Path(fmt.Sprintf("%s/tmp", m.StorageDirectory))
 	cfg.MediaAPI.AbsBasePath = config.Path(fmt.Sprintf("%s/tmp", m.StorageDirectory))
+	cfg.ClientAPI.RegistrationDisabled = false
+	cfg.ClientAPI.OpenRegistrationWithoutVerificationEnabled = true
 	if err = cfg.Derive(); err != nil {
 		panic(err)
 	}
--- a/cmd/dendrite-demo-pinecone/main.go
+++ b/cmd/dendrite-demo-pinecone/main.go
@ -140,6 +140,8 @@ func main() {
 	cfg.FederationAPI.Database.ConnectionString = config.DataSource(fmt.Sprintf("file:%s-federationapi.db", *instanceName))
 	cfg.AppServiceAPI.Database.ConnectionString = config.DataSource(fmt.Sprintf("file:%s-appservice.db", *instanceName))
 	cfg.MSCs.MSCs = []string{"msc2836", "msc2946"}
+	cfg.ClientAPI.RegistrationDisabled = false
+	cfg.ClientAPI.OpenRegistrationWithoutVerificationEnabled = true
 	if err := cfg.Derive(); err != nil {
 		panic(err)
 	}
--- a/cmd/dendrite-demo-yggdrasil/main.go
+++ b/cmd/dendrite-demo-yggdrasil/main.go
@ -89,6 +89,8 @@ func main() {
 		cfg.AppServiceAPI.Database.ConnectionString = config.DataSource(fmt.Sprintf("file:%s-appservice.db", *instanceName))
 		cfg.MSCs.MSCs = []string{"msc2836"}
 		cfg.MSCs.Database.ConnectionString = config.DataSource(fmt.Sprintf("file:%s-mscs.db", *instanceName))
+		cfg.ClientAPI.RegistrationDisabled = false
+		cfg.ClientAPI.OpenRegistrationWithoutVerificationEnabled = true
 		if err = cfg.Derive(); err != nil {
 			panic(err)
 		}
--- a/cmd/dendritejs-pinecone/main.go
+++ b/cmd/dendritejs-pinecone/main.go
@ -171,6 +171,8 @@ func startup() {
 	cfg.Global.KeyID = gomatrixserverlib.KeyID(signing.KeyID)
 	cfg.Global.PrivateKey = sk
 	cfg.Global.ServerName = gomatrixserverlib.ServerName(hex.EncodeToString(pk))
+	cfg.ClientAPI.RegistrationDisabled = false
+	cfg.ClientAPI.OpenRegistrationWithoutVerificationEnabled = true

 	if err := cfg.Derive(); err != nil {
 		logrus.Fatalf("Failed to derive values from config: %s", err)
--- a/cmd/generate-config/main.go
+++ b/cmd/generate-config/main.go
@ -91,6 +91,7 @@ func main() {
 		cfg.UserAPI.BCryptCost = bcrypt.MinCost
 		cfg.Global.JetStream.InMemory = true
 		cfg.ClientAPI.RegistrationDisabled = false
+		cfg.ClientAPI.OpenRegistrationWithoutVerificationEnabled = true
 		cfg.ClientAPI.RegistrationSharedSecret = "complement"
 		cfg.Global.Presence = config.PresenceOptions{
 			EnableInbound:  true,
--- a/setup/config/config_clientapi.go
+++ b/setup/config/config_clientapi.go
@ -19,7 +19,7 @@ type ClientAPI struct {
 	// Enable registration without captcha verification or shared secret. Note: this option is *not* recommended,
 	// as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect
 	// unless `registration_disabled` is set to false.
-	RegistrationWithoutVerificationEnabled bool `yaml:"-"`
+	OpenRegistrationWithoutVerificationEnabled bool `yaml:"-"`

 	// If set, allows registration by anyone who also has the shared
 	// secret, even if registration is otherwise disabled.
@ -62,11 +62,7 @@ func (c *ClientAPI) Defaults(generate bool) {
 	c.RecaptchaBypassSecret = ""
 	c.RecaptchaSiteVerifyAPI = ""
 	c.RegistrationDisabled = true
-	c.RegistrationWithoutVerificationEnabled = false
-	if generate {
-		c.RegistrationDisabled = false
-		c.RegistrationWithoutVerificationEnabled = true
-	}
+	c.OpenRegistrationWithoutVerificationEnabled = false
 	c.RateLimiting.Defaults()
 }

@ -85,12 +81,16 @@ func (c *ClientAPI) Verify(configErrs *ConfigErrors, isMonolith bool) {
 	c.RateLimiting.Verify(configErrs)

 	// Ensure there is any spam counter measure when enabling registration
-	if !c.RegistrationDisabled && !c.RegistrationWithoutVerificationEnabled {
+	if !c.RegistrationDisabled && !c.OpenRegistrationWithoutVerificationEnabled {
 		if !c.RecaptchaEnabled && c.RegistrationSharedSecret == "" {
-			configErrs.Add("You have enabled open registration without any verification. This is a known vector for " +
-				"spam and abuse. If you would like to allow public registration, please consider adding captcha" +
-				" or token-based verification. Otherwise this check can be removed by setting the " +
-				"`enable_registration_without_verification` config option to `true`.")
+			configErrs.Add(
+				"You have tried to enable open registration without any secondary verification methods " +
+					"(such as captcha or shared secret). By enabling open registration, you are SIGNIFICANTLY " +
+					"increasing the risk that your server will be used to send spam or abuse, and may result in " +
+					"your server being banned from some rooms. If you are ABSOLUTELY CERTAIN you want to do this, " +
+					"start Dendrite with the -really-enable-open-registration command line flag. Otherwise, you " +
+					"should set the registration_disabled option in your Dendrite config.",
+			)
 		}
 	}
 }
--- a/setup/flags.go
+++ b/setup/flags.go
@ -27,7 +27,7 @@ import (
 var (
 	configPath                            = flag.String("config", "dendrite.yaml", "The path to the config file. For more information, see the config file in this repository.")
 	version                               = flag.Bool("version", false, "Shows the current version and exits immediately.")
-	enableRegistrationWithoutVerification = flag.Bool("really-enable-open-registration", false, "This allows open registration without verification (captcha, shared secret etc). (NOT RECOMMENDED)")
+	enableRegistrationWithoutVerification = flag.Bool("really-enable-open-registration", false, "This allows open registration without secondary verification (captcha, shared secret etc). This is NOT RECOMMENDED and will SIGNIFICANTLY increase the risk that your server will be used to send spam or conduct attacks, which may result in your server being banned from rooms.")
 )

 // ParseFlags parses the commandline flags and uses them to create a config.
@ -50,7 +50,7 @@ func ParseFlags(monolith bool) *config.Dendrite {
 	}

 	if *enableRegistrationWithoutVerification {
-		cfg.ClientAPI.RegistrationWithoutVerificationEnabled = true
+		cfg.ClientAPI.OpenRegistrationWithoutVerificationEnabled = true
 	}

 	return cfg