Revert "Add restrictions by default to open registration in Synapse (m…

…atrix-org#12091)"

This reverts commit 3c41d87.

demo/start.sh

@@ -41,7 +41,6 @@ for port in 8080 8081 8082; do
             printf '\n\n# Customisation made by demo/start.sh\n\n'
             echo "public_baseurl: http://localhost:$port/"
             echo 'enable_registration: true'
-            echo 'enable_registration_without_verification: true'
             echo ''
 
 			# Warning, this heredoc depends on the interaction of tabs and spaces.

docs/sample_config.yaml

@@ -1258,18 +1258,10 @@ oembed:
 # Registration can be rate-limited using the parameters in the "Ratelimiting"
 # section of this file.
 
-# Enable registration for new users. Defaults to 'false'. It is highly recommended that if you enable registration,
-# you use either captcha, email, or token-based verification to verify that new users are not bots. In order to enable registration
-# without any verification, you must also set `enable_registration_without_verification`, found below.
+# Enable registration for new users.
 #
 #enable_registration: false
 
-# Enable registration without email or captcha verification. Note: this option is *not* recommended,
-# as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect
-# unless `enable_registration` is also enabled.
-#
-#enable_registration_without_verification: true
-
 # Time that a user's session remains valid for, after they log in.
 #
 # Note that this is not currently compatible with guest logins.

synapse/app/homeserver.py

@@ -351,23 +351,6 @@ def setup(config_options: List[str]) -> SynapseHomeServer:
     if config.server.gc_seconds:
         synapse.metrics.MIN_TIME_BETWEEN_GCS = config.server.gc_seconds
 
-    if (
-        config.registration.enable_registration
-        and not config.registration.enable_registration_without_verification
-    ):
-        if (
-            not config.captcha.enable_registration_captcha
-            and not config.registration.registrations_require_3pid
-            and not config.registration.registration_requires_token
-        ):
-
-            raise ConfigError(
-                "You have enabled open registration without any verification. This is a known vector for "
-                "spam and abuse. If you would like to allow public registration, please consider adding email, "
-                "captcha, or token-based verification. Otherwise this check can be removed by setting the "
-                "`enable_registration_without_verification` config option to `true`."
-            )
-
     hs = SynapseHomeServer(
         config.server.server_name,
         config=config,

synapse/config/registration.py

@@ -33,10 +33,6 @@ def read_config(self, config: JsonDict, **kwargs: Any) -> None:
                 str(config["disable_registration"])
             )
 
-        self.enable_registration_without_verification = strtobool(
-            str(config.get("enable_registration_without_verification", False))
-        )
-
         self.registrations_require_3pid = config.get("registrations_require_3pid", [])
         self.allowed_local_3pids = config.get("allowed_local_3pids", [])
         self.enable_3pid_lookup = config.get("enable_3pid_lookup", True)
@@ -216,18 +212,10 @@ def generate_config_section(
         # Registration can be rate-limited using the parameters in the "Ratelimiting"
         # section of this file.
 
-        # Enable registration for new users. Defaults to 'false'. It is highly recommended that if you enable registration,
-        # you use either captcha, email, or token-based verification to verify that new users are not bots. In order to enable registration
-        # without any verification, you must also set `enable_registration_without_verification`, found below.
+        # Enable registration for new users.
         #
         #enable_registration: false
 
-        # Enable registration without email or captcha verification. Note: this option is *not* recommended,
-        # as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect
-        # unless `enable_registration` is also enabled.
-        #
-        #enable_registration_without_verification: true
-
         # Time that a user's session remains valid for, after they log in.
         #
         # Note that this is not currently compatible with guest logins.

tests/config/test_registration_config.py

@@ -11,16 +11,14 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
-import synapse.app.homeserver
 from synapse.config import ConfigError
 from synapse.config.homeserver import HomeServerConfig
 
-from tests.config.utils import ConfigFileTestCase
+from tests.unittest import TestCase
 from tests.utils import default_config
 
 
-class RegistrationConfigTestCase(ConfigFileTestCase):
+class RegistrationConfigTestCase(TestCase):
     def test_session_lifetime_must_not_be_exceeded_by_smaller_lifetimes(self):
         """
         session_lifetime should logically be larger than, or at least as large as,
@@ -90,19 +88,3 @@ def test_session_lifetime_must_not_be_exceeded_by_smaller_lifetimes(self):
             "",
             "",
         )
-
-    def test_refuse_to_start_if_open_registration_and_no_verification(self):
-        self.generate_config()
-        self.add_lines_to_config(
-            [
-                " ",
-                "enable_registration: true",
-                "registrations_require_3pid: []",
-                "enable_registration_captcha: false",
-                "registration_requires_token: false",
-            ]
-        )
-
-        # Test that allowing open registration without verification raises an error
-        with self.assertRaises(ConfigError):
-            synapse.app.homeserver.setup(["-c", self.config_file])