1 files changed, 10 insertions, 27 deletions

diff --git a/synapse/config/registration.py b/synapse/config/registration.py

index c7f3e6d35e..b3fa500d4e 100644
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -27,13 +27,6 @@ from synapse.config._base import Config, ConfigError, read_file
 from synapse.types import JsonDict, RoomAlias, UserID
 from synapse.util.stringutils import random_string_with_symbols, strtobool
 
-NO_EMAIL_DELEGATE_ERROR = """\
-Delegation of email verification to an identity server is no longer supported. To
-continue to allow users to add email addresses to their accounts, and use them for
-password resets, configure Synapse with an SMTP server via the `email` setting, and
-remove `account_threepid_delegates.email`.
-"""
-
 CONFLICTING_SHARED_SECRET_OPTS_ERROR = """\
 You have configured both `registration_shared_secret` and
 `registration_shared_secret_path`. These are mutually incompatible.
@@ -43,7 +36,9 @@ You have configured both `registration_shared_secret` and
 class RegistrationConfig(Config):
     section = "registration"
 
-    def read_config(self, config: JsonDict, **kwargs: Any) -> None:
+    def read_config(
+        self, config: JsonDict, allow_secrets_in_config: bool, **kwargs: Any
+    ) -> None:
         self.enable_registration = strtobool(
             str(config.get("enable_registration", False))
         )
@@ -56,18 +51,17 @@ class RegistrationConfig(Config):
             str(config.get("enable_registration_without_verification", False))
         )
 
-        self.registrations_require_3pid = config.get("registrations_require_3pid", [])
-        self.allowed_local_3pids = config.get("allowed_local_3pids", [])
-        self.enable_3pid_lookup = config.get("enable_3pid_lookup", True)
         self.registration_requires_token = config.get(
             "registration_requires_token", False
         )
-        self.enable_registration_token_3pid_bypass = config.get(
-            "enable_registration_token_3pid_bypass", False
-        )
 
         # read the shared secret, either inline or from an external file
         self.registration_shared_secret = config.get("registration_shared_secret")
+        if self.registration_shared_secret and not allow_secrets_in_config:
+            raise ConfigError(
+                "Config options that expect an in-line secret as value are disabled",
+                ("registration_shared_secret",),
+            )
         registration_shared_secret_path = config.get("registration_shared_secret_path")
         if registration_shared_secret_path:
             if self.registration_shared_secret:
@@ -78,16 +72,8 @@ class RegistrationConfig(Config):
 
         self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
 
-        account_threepid_delegates = config.get("account_threepid_delegates") or {}
-        if "email" in account_threepid_delegates:
-            raise ConfigError(NO_EMAIL_DELEGATE_ERROR)
-        self.account_threepid_delegate_msisdn = account_threepid_delegates.get("msisdn")
-        self.default_identity_server = config.get("default_identity_server")
         self.allow_guest_access = config.get("allow_guest_access", False)
 
-        if config.get("invite_3pid_guest", False):
-            raise ConfigError("invite_3pid_guest is no longer supported")
-
         self.auto_join_rooms = config.get("auto_join_rooms", [])
         for room_alias in self.auto_join_rooms:
             if not RoomAlias.is_valid(room_alias):
@@ -147,12 +133,9 @@ class RegistrationConfig(Config):
             .get("msc3861", {})
             .get("enabled", False)
         )
-        self.enable_3pid_changes = config.get(
-            "enable_3pid_changes", not msc3861_enabled
-        )
 
-        self.disable_msisdn_registration = config.get(
-            "disable_msisdn_registration", False
+        self.allow_underscore_prefixed_localpart = config.get(
+            "allow_underscore_prefixed_localpart", False
         )
 
         session_lifetime = config.get("session_lifetime")