summary refs log tree commit diff
path: root/synapse/config
diff options
context:
space:
mode:
authorShay <hillerys@element.io>2022-03-25 10:11:01 -0700
committerGitHub <noreply@github.com>2022-03-25 10:11:01 -0700
commit3c41d87b67d3a62edfc660b4fe8f2545f5dbee4f (patch)
treeb11ef0e94c7bbe343f976836a92ca9905c4f6016 /synapse/config
parentAdd cache for `get_membership_from_event_ids` (#12272) (diff)
downloadsynapse-3c41d87b67d3a62edfc660b4fe8f2545f5dbee4f.tar.xz
Add restrictions by default to open registration in Synapse (#12091)
Diffstat (limited to 'synapse/config')
-rw-r--r--synapse/config/registration.py14
1 files changed, 13 insertions, 1 deletions
diff --git a/synapse/config/registration.py b/synapse/config/registration.py
index ea9b50fe97..40fb329a7f 100644
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -33,6 +33,10 @@ class RegistrationConfig(Config):
                 str(config["disable_registration"])
             )
 
+        self.enable_registration_without_verification = strtobool(
+            str(config.get("enable_registration_without_verification", False))
+        )
+
         self.registrations_require_3pid = config.get("registrations_require_3pid", [])
         self.allowed_local_3pids = config.get("allowed_local_3pids", [])
         self.enable_3pid_lookup = config.get("enable_3pid_lookup", True)
@@ -207,10 +211,18 @@ class RegistrationConfig(Config):
         # Registration can be rate-limited using the parameters in the "Ratelimiting"
         # section of this file.
 
-        # Enable registration for new users.
+        # Enable registration for new users. Defaults to 'false'. It is highly recommended that if you enable registration,
+        # you use either captcha, email, or token-based verification to verify that new users are not bots. In order to enable registration
+        # without any verification, you must also set `enable_registration_without_verification`, found below.
         #
         #enable_registration: false
 
+        # Enable registration without email or captcha verification. Note: this option is *not* recommended,
+        # as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect
+        # unless `enable_registration` is also enabled.
+        #
+        #enable_registration_without_verification: true
+
         # Time that a user's session remains valid for, after they log in.
         #
         # Note that this is not currently compatible with guest logins.