Add some more comments appservice user registration

Explain why we don't validate userids registered via app services
author: Richard van der Hoff <richard@matrix.org> 2017-11-10 12:39:45 +0000
committer: Richard van der Hoff <richard@matrix.org> 2017-11-10 12:39:45 +0000
commit: e508145c9b4b57d3e92df65bc768107e043e6399 (patch)
tree: 87954e920a5beced19dcb73fa9944f5ff4db2264
parent: Downcase userids for shared-secret registration (diff)
download: synapse-e508145c9b4b57d3e92df65bc768107e043e6399.tar.xz
1 files changed, 4 insertions, 1 deletions
diff --git a/synapse/rest/client/v2_alpha/register.py b/synapse/rest/client/v2_alpha/register.py
index b3d918080d..9e2f7308ce 100644
--- a/synapse/rest/client/v2_alpha/register.py
+++ b/synapse/rest/client/v2_alpha/register.py
@@ -225,7 +225,10 @@ class RegisterRestServlet(RestServlet):
             # fallback to 'username' if they gave one.
             desired_username = body.get("user", desired_username)
 
-            # XXX we should check that desired_username is valid
+            # XXX we should check that desired_username is valid. Currently
+            # we give appservices carte blanche for any insanity in mxids,
+            # because the IRC bridges rely on being able to register stupid
+            # IDs.
 
             access_token = get_access_token_from_request(request)
author	Richard van der Hoff <richard@matrix.org>	2017-11-10 12:39:45 +0000
committer	Richard van der Hoff <richard@matrix.org>	2017-11-10 12:39:45 +0000
commit	e508145c9b4b57d3e92df65bc768107e043e6399 (patch)
tree	87954e920a5beced19dcb73fa9944f5ff4db2264
parent	Downcase userids for shared-secret registration (diff)
download	synapse-e508145c9b4b57d3e92df65bc768107e043e6399.tar.xz