diff --git a/src/github.com/matrix-org/dendrite/clientapi/routing/register.go b/src/github.com/matrix-org/dendrite/clientapi/routing/register.go index 4b3c6c0c..6ef4ab05 100644 --- a/src/github.com/matrix-org/dendrite/clientapi/routing/register.go +++ b/src/github.com/matrix-org/dendrite/clientapi/routing/register.go @@ -222,6 +222,11 @@ func handleRegistrationFlow( // TODO: Handle mapping registrationRequest parameters into session parameters // TODO: email / msisdn / recaptcha auth types. + + if cfg.Matrix.RegistrationDisabled && r.Auth.Type != authtypes.LoginTypeSharedSecret { + return util.MessageResponse(403, "Registration has been disabled") + } + switch r.Auth.Type { case authtypes.LoginTypeSharedSecret: if cfg.Matrix.RegistrationSharedSecret == "" { @@ -277,33 +282,19 @@ func LegacyRegister( cfg *config.Dendrite, ) util.JSONResponse { var r legacyRegisterRequest - resErr := httputil.UnmarshalJSONRequest(req, &r) + resErr := parseAndValidateLegacyLogin(req, &r) if resErr != nil { return *resErr } - // Squash username to all lowercase letters - r.Username = strings.ToLower(r.Username) - - if resErr = validateUserName(r.Username); resErr != nil { - return *resErr - } - if resErr = validatePassword(r.Password); resErr != nil { - return *resErr - } - logger := util.GetLogger(req.Context()) logger.WithFields(log.Fields{ "username": r.Username, "auth.type": r.Type, }).Info("Processing registration request") - // All registration requests must specify what auth they are using to perform this request - if r.Type == "" { - return util.JSONResponse{ - Code: 400, - JSON: jsonerror.BadJSON("invalid type"), - } + if cfg.Matrix.RegistrationDisabled && r.Type != authtypes.LoginTypeSharedSecret { + return util.MessageResponse(403, "Registration has been disabled") } switch r.Type { @@ -333,6 +324,35 @@ func LegacyRegister( } } +// parseAndValidateLegacyLogin parses the request into r and checks that the +// request is valid (e.g. valid user names, etc) +func parseAndValidateLegacyLogin(req *http.Request, r *legacyRegisterRequest) *util.JSONResponse { + resErr := httputil.UnmarshalJSONRequest(req, &r) + if resErr != nil { + return resErr + } + + // Squash username to all lowercase letters + r.Username = strings.ToLower(r.Username) + + if resErr = validateUserName(r.Username); resErr != nil { + return resErr + } + if resErr = validatePassword(r.Password); resErr != nil { + return resErr + } + + // All registration requests must specify what auth they are using to perform this request + if r.Type == "" { + return &util.JSONResponse{ + Code: 400, + JSON: jsonerror.BadJSON("invalid type"), + } + } + + return nil +} + func completeRegistration( ctx context.Context, accountDB *accounts.Database, diff --git a/src/github.com/matrix-org/dendrite/common/config/config.go b/src/github.com/matrix-org/dendrite/common/config/config.go index 3c488f4e..00217e46 100644 --- a/src/github.com/matrix-org/dendrite/common/config/config.go +++ b/src/github.com/matrix-org/dendrite/common/config/config.go @@ -83,6 +83,9 @@ type Dendrite struct { // If set, allows registration by anyone who also has the shared // secret, even if registration is otherwise disabled. RegistrationSharedSecret string `yaml:"registration_shared_secret"` + // If set disables new users from registering (except via shared + // secrets) + RegistrationDisabled bool `yaml:"registration_disabled"` } `yaml:"matrix"` // The configuration specific to the media repostitory.