From e1eb5807b66940490291983be905f2849539aa7f Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Fri, 18 Feb 2022 10:12:26 +0000 Subject: [PATCH] Allow preventing guest registration (#2199) * Allow disabling guest registration separately * Update sample config * Set `guests_disabled` to `true` in the sample config --- clientapi/routing/register.go | 7 +++++++ dendrite-config.yaml | 4 ++++ setup/config/config_clientapi.go | 4 ++++ 3 files changed, 15 insertions(+) diff --git a/clientapi/routing/register.go b/clientapi/routing/register.go index fc275a5d1..f73cc662f 100644 --- a/clientapi/routing/register.go +++ b/clientapi/routing/register.go @@ -532,6 +532,13 @@ func handleGuestRegistration( cfg *config.ClientAPI, userAPI userapi.UserInternalAPI, ) util.JSONResponse { + if cfg.RegistrationDisabled || cfg.GuestsDisabled { + return util.JSONResponse{ + Code: http.StatusForbidden, + JSON: jsonerror.Forbidden("Guest registration is disabled"), + } + } + var res userapi.PerformAccountCreationResponse err := userAPI.PerformAccountCreation(req.Context(), &userapi.PerformAccountCreationRequest{ AccountType: userapi.AccountTypeGuest, diff --git a/dendrite-config.yaml b/dendrite-config.yaml index b71e8d845..35f72222e 100644 --- a/dendrite-config.yaml +++ b/dendrite-config.yaml @@ -142,6 +142,10 @@ client_api: # using the registration shared secret below. registration_disabled: false + # Prevents new guest accounts from being created. Guest registration is also + # disabled implicitly by setting 'registration_disabled' above. + guests_disabled: true + # If set, allows registration by anyone who knows the shared secret, regardless of # whether registration is otherwise disabled. registration_shared_secret: "" diff --git a/setup/config/config_clientapi.go b/setup/config/config_clientapi.go index 75f5e3df3..4590e752b 100644 --- a/setup/config/config_clientapi.go +++ b/setup/config/config_clientapi.go @@ -18,6 +18,10 @@ type ClientAPI struct { // If set, allows registration by anyone who also has the shared // secret, even if registration is otherwise disabled. RegistrationSharedSecret string `yaml:"registration_shared_secret"` + // If set, prevents guest accounts from being created. Only takes + // effect if registration is enabled, otherwise guests registration + // is forbidden either way. + GuestsDisabled bool `yaml:"guests_disabled"` // Boolean stating whether catpcha registration is enabled // and required