summary refs log tree commit diff
diff options
context:
space:
mode:
authorAaron Raimist <aaron@raim.ist>2019-03-11 13:21:52 -0500
committerRichard van der Hoff <1389908+richvdh@users.noreply.github.com>2019-03-11 18:21:52 +0000
commit8ea1b41a0e353da2d3ec3b7f5ee3bd240261c668 (patch)
tree4d15ebcfdb2688e56d63c002286a1c6a2439cf9b
parentMake federation endpoints more tolerant of trailing slashes for some endpoint... (diff)
downloadsynapse-8ea1b41a0e353da2d3ec3b7f5ee3bd240261c668.tar.xz
Clarify what registration_shared_secret allows for (#2885) (#4844)
* Clarify what registration_shared_secret allows for (#2885)

Signed-off-by: Aaron Raimist <aaron@raim.ist>

* Add changelog

Signed-off-by: Aaron Raimist <aaron@raim.ist>
-rw-r--r--INSTALL.md4
-rw-r--r--changelog.d/4844.misc1
-rw-r--r--docs/sample_config.yaml4
-rw-r--r--synapse/config/registration.py4
4 files changed, 7 insertions, 6 deletions
diff --git a/INSTALL.md b/INSTALL.md
index 2993f3a9e2..5c67f14ed6 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -402,8 +402,8 @@ This process uses a setting `registration_shared_secret` in
 `homeserver.yaml`, which is shared between Synapse itself and the
 `register_new_matrix_user` script. It doesn't matter what it is (a random
 value is generated by `--generate-config`), but it should be kept secret, as
-anyone with knowledge of it can register users on your server even if
-`enable_registration` is `false`.
+anyone with knowledge of it can register users, including admin accounts,
+on your server even if `enable_registration` is `false`.
 
 ## Setting up a TURN server
 
diff --git a/changelog.d/4844.misc b/changelog.d/4844.misc
new file mode 100644
index 0000000000..eff6f1c43c
--- /dev/null
+++ b/changelog.d/4844.misc
@@ -0,0 +1 @@
+Clarify what registration_shared_secret allows for.
diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index b62745dd6e..22d5e6b1d7 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -624,8 +624,8 @@ enable_registration: False
 #  - medium: msisdn
 #    pattern: '\+44'
 
-# If set, allows registration by anyone who also has the shared
-# secret, even if registration is otherwise disabled.
+# If set, allows registration of standard or admin accounts by anyone who
+# has the shared secret, even if registration is otherwise disabled.
 #
 # registration_shared_secret: <PRIVATE STRING>
 
diff --git a/synapse/config/registration.py b/synapse/config/registration.py
index d34dc9e456..a123f25a68 100644
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -92,8 +92,8 @@ class RegistrationConfig(Config):
         #  - medium: msisdn
         #    pattern: '\\+44'
 
-        # If set, allows registration by anyone who also has the shared
-        # secret, even if registration is otherwise disabled.
+        # If set, allows registration of standard or admin accounts by anyone who
+        # has the shared secret, even if registration is otherwise disabled.
         #
         %(registration_shared_secret)s