From be969706e8655cfb35b56b97dcda8b82223af173 Mon Sep 17 00:00:00 2001 From: "H. Shay" Date: Fri, 25 Feb 2022 11:39:44 -0800 Subject: [PATCH 01/18] refuse to start if registration is enabled without email or captcha verification --- synapse/app/homeserver.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/synapse/app/homeserver.py b/synapse/app/homeserver.py index b9931001c25e..6157d93d4fab 100644 --- a/synapse/app/homeserver.py +++ b/synapse/app/homeserver.py @@ -348,6 +348,22 @@ def setup(config_options: List[str]) -> SynapseHomeServer: if config.server.gc_seconds: synapse.metrics.MIN_TIME_BETWEEN_GCS = config.server.gc_seconds + if ( + config.registration.enable_registration + and not config.registration.enable_registration_without_verification + ): + if ( + not config.captcha.enable_registration_captcha + and not config.registration.registrations_require_3pid + ): + + raise ConfigError( + "You have enabled open registration without any verification. This is a known vector for" + "spam and abuse. If you have enabled registration, please add email or capcha verification, or" + "use the config option `enable_registration_without_verification` in conjunction with `enable_verification." + ) + sys.exit(1) + hs = SynapseHomeServer( config.server.server_name, config=config, From 46f86b61588b6731e141ea91de888b6606cd569a Mon Sep 17 00:00:00 2001 From: "H. Shay" Date: Fri, 25 Feb 2022 11:40:43 -0800 Subject: [PATCH 02/18] add config flag `enable_registration_without_verification` and associated config section --- synapse/config/registration.py | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/synapse/config/registration.py b/synapse/config/registration.py index ea9b50fe97e4..934f2512abba 100644 --- a/synapse/config/registration.py +++ b/synapse/config/registration.py 
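Review bot: The new open-registration guard in the `if config.registration.enable_registration` block lives in `synapse.app.homeserver.setup()` rather than in the config layer, so it is only enforced for that one entry point and not for anything else that parses a `HomeServerConfig` (config-only tooling, other app entry points), and a cross-section rule relating `config.registration` to `config.captcha` is exactly what parse-time validation in the config package is for. Keeping it in `setup()` also means the positive case (flag set, server starts) can only be tested by booting a real `SynapseHomeServer`, which appears to be why that assertion is dropped later in this series. Consider computing the predicate once so the condition and the message cannot drift apart: `has_verification = (config.captcha.enable_registration_captcha or bool(config.registration.registrations_require_3pid))` and then `if not config.registration.enable_registration_without_verification and not has_verification: raise ConfigError(...)`. `setup()` continues past the end of the hunk.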
@@ -33,6 +33,10 @@ def read_config(self, config, **kwargs): str(config["disable_registration"]) ) + self.enable_registration_without_verification = strtobool( + str(config.get("enable_registration_without_verification", False)) + ) + self.registrations_require_3pid = config.get("registrations_require_3pid", []) self.allowed_local_3pids = config.get("allowed_local_3pids", []) self.enable_3pid_lookup = config.get("enable_3pid_lookup", True) @@ -207,10 +211,18 @@ def generate_config_section(self, generate_secrets=False, **kwargs): # Registration can be rate-limited using the parameters in the "Ratelimiting" # section of this file. - # Enable registration for new users. + # Enable registration for new users. Defaults to 'false'. It is highly recommended that if you enable registration, + # you use either captcha or email verification to verify that new users are not bots. In order to enable registration + # without captcha or email verification, you must also set `enable_registration_without_verification`, found below. # #enable_registration: false + # Enable registration without email or captcha verification. Note: this option is *not* recommended, + # as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect + # unless `enable_registration` is also enabled. + # + #enable_registration_without_verification: true + # Time that a user's session remains valid for, after they log in. # # Note that this is not currently compatible with guest logins. From 8cddb875a43348d1d90028c4edcbdf19b9925544 Mon Sep 17 00:00:00 2001 From: "H. Shay" Date: Fri, 25 Feb 2022 11:41:52 -0800 Subject: [PATCH 03/18] test that enabling registration without verification throws error --- tests/config/test_registration_config.py | 25 ++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/tests/config/test_registration_config.py b/tests/config/test_registration_config.py index 17a84d20d811..718994b2d047 100644 
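Review bot: In `read_config`, `self.enable_registration_without_verification` is derived with `strtobool(str(config.get(..., False)))`; if that is `distutils.util.strtobool` (as the identical `disable_registration` line above suggests), it is deprecated by PEP 632 and removed in Python 3.12, and an unrecognised value such as `enable_registration_without_verification: maybe` surfaces as a bare `ValueError` instead of a `ConfigError`. The pattern is consistent with the file, but for a new safety-relevant option it is worth failing cleanly, e.g. `try:` / `... = bool(strtobool(str(raw)))` / `except ValueError: raise ConfigError("enable_registration_without_verification must be true or false")`. The generated comment could also say plainly what the flag does when set, e.g. "If true, the server will start with open, unverified registration; it is not needed when captcha, email or token verification is configured." `read_config` and `generate_config_section` both continue outside these hunks.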
--- a/tests/config/test_registration_config.py +++ b/tests/config/test_registration_config.py @@ -11,14 +11,16 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. + +import synapse.app.homeserver from synapse.config import ConfigError from synapse.config.homeserver import HomeServerConfig -from tests.unittest import TestCase +from tests.config.utils import ConfigFileTestCase from tests.utils import default_config -class RegistrationConfigTestCase(TestCase): +class RegistrationConfigTestCase(ConfigFileTestCase): def test_session_lifetime_must_not_be_exceeded_by_smaller_lifetimes(self): """ session_lifetime should logically be larger than, or at least as large as, @@ -76,3 +78,22 @@ def test_session_lifetime_must_not_be_exceeded_by_smaller_lifetimes(self): HomeServerConfig().parse_config_dict( {"session_lifetime": "31m", "refresh_token_lifetime": "31m", **config_dict} ) + + def test_refuse_to_start_if_open_registration_and_no_verification(self): + self.generate_config() + self.add_lines_to_config( + [ + " ", + "enable_registration: true", + "registrations_require_3pid: false", + "enable_registration_captcha: false", + ] + ) + + # Test that allowing open registration without verification raises an error + with self.assertRaises(ConfigError): + synapse.app.homeserver.setup(["-c", self.config_file]) + + # Test that setting `enable_registration_without_verification` to true overrides config error + self.add_lines_to_config(["enable_registration_without_verification: true"]) + synapse.app.homeserver.setup(["-c", self.config_file]) From cb55db531ac06b7bcd6a6815d10c53d42160a976 Mon Sep 17 00:00:00 2001 From: "H. Shay" Date: Fri, 25 Feb 2022 11:42:02 -0800 Subject: [PATCH 04/18] newsfragment --- changelog.d/12091.misc | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/12091.misc 
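Review bot: `with self.assertRaises(ConfigError):` in `test_refuse_to_start_if_open_registration_and_no_verification` accepts any `ConfigError` raised while `setup()` loads the generated config, so an unrelated configuration problem would make the test pass without exercising the new check; pin the message with `with self.assertRaisesRegex(ConfigError, "open registration without any verification"):`. The `" "` entry at the top of the `add_lines_to_config` list looks like a stray whitespace line and can be dropped. The positive assertion afterwards calls `synapse.app.homeserver.setup()` for real, which constructs a `SynapseHomeServer` rather than only parsing config, so it does far more than a config test should and has no corresponding teardown.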
diff --git a/changelog.d/12091.misc b/changelog.d/12091.misc new file mode 100644 index 000000000000..8ad0bde59ff9 --- /dev/null +++ b/changelog.d/12091.misc @@ -0,0 +1 @@ +Refuse to start if registration is enabled without email or captcha verification unless new config flag `enable_registration_without_verification` is set. \ No newline at end of file From 25aa51bdd98f8f3060d73454b6c325792e1bac86 Mon Sep 17 00:00:00 2001 From: "H. Shay" Date: Fri, 25 Feb 2022 11:53:30 -0800 Subject: [PATCH 05/18] generate new sample config --- docs/sample_config.yaml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml index 6f3623c88ab9..66a5f8e086e9 100644 --- a/docs/sample_config.yaml +++ b/docs/sample_config.yaml @@ -1212,10 +1212,18 @@ oembed: # Registration can be rate-limited using the parameters in the "Ratelimiting" # section of this file. -# Enable registration for new users. +# Enable registration for new users. Defaults to 'false'. It is highly recommended that if you enable registration, +# you use either captcha or email verification to verify that new users are not bots. In order to enable registration +# without captcha or email verification, you must also set `enable_registration_without_verification`, found below. # #enable_registration: false +# Enable registration without email or captcha verification. Note: this option is *not* recommended, +# as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect +# unless `enable_registration` is also enabled. +# +#enable_registration_without_verification: true + # Time that a user's session remains valid for, after they log in. # # Note that this is not currently compatible with guest logins. From 97b1c95995e4318827f06ea5cdac615bb5a3e385 Mon Sep 17 00:00:00 2001 
From: "H. Shay" Date: Fri, 25 Feb 2022 11:59:57 -0800 Subject: [PATCH 06/18] lint --- synapse/config/registration.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/synapse/config/registration.py b/synapse/config/registration.py index 934f2512abba..d1a6dc833bc2 100644 --- a/synapse/config/registration.py +++ b/synapse/config/registration.py @@ -218,7 +218,7 @@ def generate_config_section(self, generate_secrets=False, **kwargs): #enable_registration: false # Enable registration without email or captcha verification. Note: this option is *not* recommended, - # as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect + # as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect # unless `enable_registration` is also enabled. # #enable_registration_without_verification: true From 0e328cbfe6faee2587d5d3b4cb0ccef77c388b36 Mon Sep 17 00:00:00 2001 From: "H. Shay" Date: Fri, 25 Feb 2022 12:01:20 -0800 Subject: [PATCH 07/18] add newline on newsfile --- changelog.d/12091.misc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelog.d/12091.misc b/changelog.d/12091.misc index 8ad0bde59ff9..42b292c93695 100644 --- a/changelog.d/12091.misc +++ b/changelog.d/12091.misc @@ -1 +1 @@ -Refuse to start if registration is enabled without email or captcha verification unless new config flag `enable_registration_without_verification` is set. \ No newline at end of file +Refuse to start if registration is enabled without email or captcha verification unless new config flag `enable_registration_without_verification` is set. From 3b212673464b6c263b0b4274edfa63d80a3a2b51 Mon Sep 17 00:00:00 2001 From: "H. Shay" Date: Fri, 25 Feb 2022 12:06:15 -0800 Subject: [PATCH 08/18] regenerate sample config --- docs/sample_config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml index 66a5f8e086e9..801fa2f26e13 100644 --- a/docs/sample_config.yaml +++ b/docs/sample_config.yaml @@ -1219,7 +1219,7 @@ oembed: #enable_registration: false # Enable registration without email or captcha verification. Note: this option is *not* recommended, -# as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect +# as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect # unless `enable_registration` is also enabled. # #enable_registration_without_verification: true From dabf3167b61f58d43db42ddce677670869c1b785 Mon Sep 17 00:00:00 2001 From: "H. Shay" Date: Mon, 28 Feb 2022 10:48:46 -0800 Subject: [PATCH 09/18] add token-based verification as a viable verification method --- synapse/app/homeserver.py | 3 ++- synapse/config/registration.py | 4 ++-- tests/config/test_registration_config.py | 1 + 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/synapse/app/homeserver.py b/synapse/app/homeserver.py index 6157d93d4fab..e49c9ced0f92 100644 --- a/synapse/app/homeserver.py +++ b/synapse/app/homeserver.py @@ -355,11 +355,12 @@ def setup(config_options: List[str]) -> SynapseHomeServer: if ( not config.captcha.enable_registration_captcha and not config.registration.registrations_require_3pid + and not config.registration.registration_requires_token ): raise ConfigError( "You have enabled open registration without any verification. This is a known vector for" - "spam and abuse. If you have enabled registration, please add email or capcha verification, or" + "spam and abuse. If you have enabled registration, please add email, capcha, or token-based verification, or" "use the config option `enable_registration_without_verification` in conjunction with `enable_verification." ) sys.exit(1) 
diff --git a/synapse/config/registration.py b/synapse/config/registration.py index d1a6dc833bc2..40fb329a7fac 100644 --- a/synapse/config/registration.py +++ b/synapse/config/registration.py @@ -212,8 +212,8 @@ def generate_config_section(self, generate_secrets=False, **kwargs): # section of this file. # Enable registration for new users. Defaults to 'false'. It is highly recommended that if you enable registration, - # you use either captcha or email verification to verify that new users are not bots. In order to enable registration - # without captcha or email verification, you must also set `enable_registration_without_verification`, found below. + # you use either captcha, email, or token-based verification to verify that new users are not bots. In order to enable registration + # without any verification, you must also set `enable_registration_without_verification`, found below. # #enable_registration: false diff --git a/tests/config/test_registration_config.py b/tests/config/test_registration_config.py index 718994b2d047..cf5b310f6efc 100644 --- a/tests/config/test_registration_config.py +++ b/tests/config/test_registration_config.py @@ -87,6 +87,7 @@ def test_refuse_to_start_if_open_registration_and_no_verification(self): "enable_registration: true", "registrations_require_3pid: false", "enable_registration_captcha: false", + "registration_requires_token: false", ] ) From 338c435ea53a6deb29a8d0fc25f53de4b1bb129b Mon Sep 17 00:00:00 2001 From: "H. Shay" Date: Mon, 28 Feb 2022 10:51:39 -0800 Subject: [PATCH 10/18] update sample config --- docs/sample_config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml index 801fa2f26e13..e16e1d1d292c 100644 --- a/docs/sample_config.yaml +++ b/docs/sample_config.yaml 
@@ -1213,8 +1213,8 @@ oembed: # section of this file. # Enable registration for new users. Defaults to 'false'. It is highly recommended that if you enable registration, -# you use either captcha or email verification to verify that new users are not bots. In order to enable registration -# without captcha or email verification, you must also set `enable_registration_without_verification`, found below. +# you use either captcha, email, or token-based verification to verify that new users are not bots. In order to enable registration +# without any verification, you must also set `enable_registration_without_verification`, found below. # #enable_registration: false From a0582ed8fe2b1ca1c9995f610990709af704d872 Mon Sep 17 00:00:00 2001 From: "H. Shay" Date: Wed, 2 Mar 2022 11:02:30 -0800 Subject: [PATCH 11/18] fix misconfigured test --- tests/config/test_registration_config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/config/test_registration_config.py b/tests/config/test_registration_config.py index cf5b310f6efc..a44ca549a5b8 100644 --- a/tests/config/test_registration_config.py +++ b/tests/config/test_registration_config.py @@ -85,7 +85,7 @@ def test_refuse_to_start_if_open_registration_and_no_verification(self): [ " ", "enable_registration: true", - "registrations_require_3pid: false", + "registrations_require_3pid: []", "enable_registration_captcha: false", "registration_requires_token: false", ] From 834625513d46d06985cf87731f625ccd4a463b29 Mon Sep 17 00:00:00 2001 From: "H. Shay" Date: Wed, 2 Mar 2022 14:17:29 -0800 Subject: [PATCH 12/18] fix test causing errors --- tests/config/test_registration_config.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/config/test_registration_config.py b/tests/config/test_registration_config.py index a44ca549a5b8..1dc6b9496bc3 100644 --- a/tests/config/test_registration_config.py +++ b/tests/config/test_registration_config.py 
@@ -11,6 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +import sys import synapse.app.homeserver from synapse.config import ConfigError @@ -95,6 +96,3 @@ def test_refuse_to_start_if_open_registration_and_no_verification(self): with self.assertRaises(ConfigError): synapse.app.homeserver.setup(["-c", self.config_file]) - # Test that setting `enable_registration_without_verification` to true overrides config error - self.add_lines_to_config(["enable_registration_without_verification: true"]) - synapse.app.homeserver.setup(["-c", self.config_file]) From 9b89835acaeb64516127e409bf8f192afedbee3e Mon Sep 17 00:00:00 2001 From: "H. Shay" Date: Wed, 2 Mar 2022 14:22:31 -0800 Subject: [PATCH 13/18] lints --- tests/config/test_registration_config.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/config/test_registration_config.py b/tests/config/test_registration_config.py index 1dc6b9496bc3..2acdb6ac6161 100644 --- a/tests/config/test_registration_config.py +++ b/tests/config/test_registration_config.py @@ -11,7 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -import sys import synapse.app.homeserver from synapse.config import ConfigError @@ -95,4 +94,3 @@ def test_refuse_to_start_if_open_registration_and_no_verification(self): # Test that allowing open registration without verification raises an error with self.assertRaises(ConfigError): synapse.app.homeserver.setup(["-c", self.config_file]) - From 717af3cd2d03ea2c805cff9d60e1665c22b07699 Mon Sep 17 00:00:00 2001 From: "H. Shay" Date: Thu, 3 Mar 2022 09:34:17 -0800 Subject: [PATCH 14/18] enable open registration by default in demo script --- demo/start.sh | 1 + 1 file changed, 1 insertion(+) 
diff --git a/demo/start.sh b/demo/start.sh index 8ffb14e30add..475aabadf7d1 100755 --- a/demo/start.sh +++ b/demo/start.sh @@ -37,6 +37,7 @@ for port in 8080 8081 8082; do printf '\n\n# Customisation made by demo/start.sh\n' echo "public_baseurl: http://localhost:$port/" echo 'enable_registration: true' + echo 'enable_registration_without_verification: true' # Warning, this heredoc depends on the interaction of tabs and spaces. # Please don't accidentaly bork me with your fancy settings. From 0cd6a604d175d5960a16fb76a835141afc4e14aa Mon Sep 17 00:00:00 2001 From: Shay Date: Mon, 7 Mar 2022 15:13:04 -0800 Subject: [PATCH 15/18] add spaces in error message --- synapse/app/homeserver.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/synapse/app/homeserver.py b/synapse/app/homeserver.py index 49f1d49e8647..cd997a8fca6a 100644 --- a/synapse/app/homeserver.py +++ b/synapse/app/homeserver.py @@ -359,8 +359,8 @@ def setup(config_options: List[str]) -> SynapseHomeServer: ): raise ConfigError( - "You have enabled open registration without any verification. This is a known vector for" - "spam and abuse. If you have enabled registration, please add email, capcha, or token-based verification, or" + "You have enabled open registration without any verification. This is a known vector for " + "spam and abuse. If you have enabled registration, please add email, capcha, or token-based verification, or " "use the config option `enable_registration_without_verification` in conjunction with `enable_verification." ) sys.exit(1) From 366da794f00bdf1384a4a1c80b0893888b663c13 Mon Sep 17 00:00:00 2001 From: "H. Shay" Date: Thu, 10 Mar 2022 14:44:44 -0800 Subject: [PATCH 16/18] requested changes --- changelog.d/12091.misc | 2 +- docs/upgrade.md | 4 ++++ synapse/app/homeserver.py | 5 +++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/changelog.d/12091.misc b/changelog.d/12091.misc index 42b292c93695..def44987b470 100644 --- a/changelog.d/12091.misc 
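Review bot: `echo 'enable_registration_without_verification: true'` makes each demo homeserver accept open, unverified registration, and the generated file carries no hint that this is a deliberate demo-only weakening; since demo configs tend to get copied, emit a warning next to it, e.g. `echo '# demo only: open registration without verification - do not use in production'` immediately before that line. The `for port in ...` loop this sits in starts outside the hunk.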
+++ b/changelog.d/12091.misc @@ -1 +1 @@ -Refuse to start if registration is enabled without email or captcha verification unless new config flag `enable_registration_without_verification` is set. +Refuse to start if registration is enabled without email, captcha, or token-based verification unless new config flag `enable_registration_without_verification` is set. diff --git a/docs/upgrade.md b/docs/upgrade.md index 0d0bb066ee63..32ace00326bd 100644 --- a/docs/upgrade.md +++ b/docs/upgrade.md @@ -87,6 +87,10 @@ process, for example: # Upgrading to v1.55.0 +## Open registration without verification is now disabled by default +Synapse will refuse to start if registration is enabled without email, captcha, or token-based verification unless the new config +flag `enable_registration_without_verification` is set to "true". + ## `synctl` script has been moved The `synctl` script diff --git a/synapse/app/homeserver.py b/synapse/app/homeserver.py index cd997a8fca6a..b6b326a73a5c 100644 --- a/synapse/app/homeserver.py +++ b/synapse/app/homeserver.py @@ -360,8 +360,9 @@ def setup(config_options: List[str]) -> SynapseHomeServer: raise ConfigError( "You have enabled open registration without any verification. This is a known vector for " - "spam and abuse. If you have enabled registration, please add email, capcha, or token-based verification, or " - "use the config option `enable_registration_without_verification` in conjunction with `enable_verification." + "spam and abuse. If you would like to allow public registration, please consider adding email, " + "captcha, or token-based verification. Otherwise this check can be removed by setting the " + "`enable_registration_without_verification` config option to `true`." ) sys.exit(1) From d99a1f1f21eebc50f766d26215264f8530188b6e Mon Sep 17 00:00:00 2001 
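Review bot: The rewritten `ConfigError` text in `setup()` tells the operator to "consider adding email, captcha, or token-based verification" but never names the options that implement them, which is what someone reading a startup failure needs; naming them also keeps the message in step with the three flags tested in the condition just above: `"spam and abuse. If you would like to allow public registration, please consider adding email, "` / `"captcha, or token-based verification (registrations_require_3pid, enable_registration_captcha "` / `"or registration_requires_token). Otherwise this check can be removed by setting the "`. The enclosing `setup()` begins and ends outside the hunk.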
From: Shay Date: Wed, 23 Mar 2022 10:41:15 -0700 Subject: [PATCH 17/18] Update docs/upgrade.md Co-authored-by: reivilibre --- docs/upgrade.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/upgrade.md b/docs/upgrade.md index 0f40567604ed..2f35d97a5398 100644 --- a/docs/upgrade.md +++ b/docs/upgrade.md @@ -88,9 +88,11 @@ process, for example: # Upgrading to v1.55.0 ## Open registration without verification is now disabled by default + Synapse will refuse to start if registration is enabled without email, captcha, or token-based verification unless the new config flag `enable_registration_without_verification` is set to "true". + ## `synctl` script has been moved The `synctl` script From 11fa6450d308adca859c2d2391a6e4edfa1c7842 Mon Sep 17 00:00:00 2001 From: "H. Shay" Date: Wed, 23 Mar 2022 11:31:54 -0700 Subject: [PATCH 18/18] remove unreachable code --- synapse/app/homeserver.py | 1 - 1 file changed, 1 deletion(-) diff --git a/synapse/app/homeserver.py b/synapse/app/homeserver.py index 280e5f715016..bdf27bfa0e0b 100644 --- a/synapse/app/homeserver.py +++ b/synapse/app/homeserver.py @@ -364,7 +364,6 @@ def setup(config_options: List[str]) -> SynapseHomeServer: "captcha, or token-based verification. Otherwise this check can be removed by setting the " "`enable_registration_without_verification` config option to `true`." ) - sys.exit(1) hs = SynapseHomeServer( config.server.server_name,