Add config option to disable registration (#360)

src/github.com/matrix-org/dendrite/clientapi/routing/register.go

@@ -222,6 +222,11 @@ func handleRegistrationFlow(
 	// TODO: Handle mapping registrationRequest parameters into session parameters
 
 	// TODO: email / msisdn / recaptcha auth types.
+
+	if cfg.Matrix.RegistrationDisabled && r.Auth.Type != authtypes.LoginTypeSharedSecret {
+		return util.MessageResponse(403, "Registration has been disabled")
+	}
+
 	switch r.Auth.Type {
 	case authtypes.LoginTypeSharedSecret:
 		if cfg.Matrix.RegistrationSharedSecret == "" {
@@ -277,33 +282,19 @@ func LegacyRegister(
 	cfg *config.Dendrite,
 ) util.JSONResponse {
 	var r legacyRegisterRequest
-	resErr := httputil.UnmarshalJSONRequest(req, &r)
+	resErr := parseAndValidateLegacyLogin(req, &r)
 	if resErr != nil {
 		return *resErr
 	}
 
-	// Squash username to all lowercase letters
-	r.Username = strings.ToLower(r.Username)
-
-	if resErr = validateUserName(r.Username); resErr != nil {
-		return *resErr
-	}
-	if resErr = validatePassword(r.Password); resErr != nil {
-		return *resErr
-	}
-
 	logger := util.GetLogger(req.Context())
 	logger.WithFields(log.Fields{
 		"username":  r.Username,
 		"auth.type": r.Type,
 	}).Info("Processing registration request")
 
-	// All registration requests must specify what auth they are using to perform this request
+	if cfg.Matrix.RegistrationDisabled && r.Type != authtypes.LoginTypeSharedSecret {
-	if r.Type == "" {
+		return util.MessageResponse(403, "Registration has been disabled")
-		return util.JSONResponse{
-			Code: 400,
-			JSON: jsonerror.BadJSON("invalid type"),
-		}
 	}
 
 	switch r.Type {
@@ -333,6 +324,35 @@ func LegacyRegister(
 	}
 }
 
+// parseAndValidateLegacyLogin parses the request into r and checks that the
+// request is valid (e.g. valid user names, etc)
+func parseAndValidateLegacyLogin(req *http.Request, r *legacyRegisterRequest) *util.JSONResponse {
+	resErr := httputil.UnmarshalJSONRequest(req, &r)
+	if resErr != nil {
+		return resErr
+	}
+
+	// Squash username to all lowercase letters
+	r.Username = strings.ToLower(r.Username)
+
+	if resErr = validateUserName(r.Username); resErr != nil {
+		return resErr
+	}
+	if resErr = validatePassword(r.Password); resErr != nil {
+		return resErr
+	}
+
+	// All registration requests must specify what auth they are using to perform this request
+	if r.Type == "" {
+		return &util.JSONResponse{
+			Code: 400,
+			JSON: jsonerror.BadJSON("invalid type"),
+		}
+	}
+
+	return nil
+}
+
 func completeRegistration(
 	ctx context.Context,
 	accountDB *accounts.Database,

src/github.com/matrix-org/dendrite/common/config/config.go

@@ -83,6 +83,9 @@ type Dendrite struct {
 		// If set, allows registration by anyone who also has the shared
 		// secret, even if registration is otherwise disabled.
 		RegistrationSharedSecret string `yaml:"registration_shared_secret"`
+		// If set disables new users from registering (except via shared
+		// secrets)
+		RegistrationDisabled bool `yaml:"registration_disabled"`
 	} `yaml:"matrix"`
 
 	// The configuration specific to the media repostitory.