From 8ea1b41a0e353da2d3ec3b7f5ee3bd240261c668 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Mon, 11 Mar 2019 13:21:52 -0500 Subject: [PATCH] Clarify what registration_shared_secret allows for (#2885) (#4844) * Clarify what registration_shared_secret allows for (#2885) Signed-off-by: Aaron Raimist * Add changelog Signed-off-by: Aaron Raimist --- INSTALL.md | 4 ++-- changelog.d/4844.misc | 1 + docs/sample_config.yaml | 4 ++-- synapse/config/registration.py | 4 ++-- 4 files changed, 7 insertions(+), 6 deletions(-) create mode 100644 changelog.d/4844.misc diff --git a/INSTALL.md b/INSTALL.md index 2993f3a9e..5c67f14ed 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -402,8 +402,8 @@ This process uses a setting `registration_shared_secret` in `homeserver.yaml`, which is shared between Synapse itself and the `register_new_matrix_user` script. It doesn't matter what it is (a random value is generated by `--generate-config`), but it should be kept secret, as -anyone with knowledge of it can register users on your server even if -`enable_registration` is `false`. +anyone with knowledge of it can register users, including admin accounts, +on your server even if `enable_registration` is `false`. ## Setting up a TURN server diff --git a/changelog.d/4844.misc b/changelog.d/4844.misc new file mode 100644 index 000000000..eff6f1c43 --- /dev/null +++ b/changelog.d/4844.misc @@ -0,0 +1 @@ +Clarify what registration_shared_secret allows for. diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml index b62745dd6..22d5e6b1d 100644 --- a/docs/sample_config.yaml +++ b/docs/sample_config.yaml @@ -624,8 +624,8 @@ enable_registration: False # - medium: msisdn # pattern: '\+44' -# If set, allows registration by anyone who also has the shared -# secret, even if registration is otherwise disabled. +# If set, allows registration of standard or admin accounts by anyone who +# has the shared secret, even if registration is otherwise disabled. # # registration_shared_secret: diff --git a/synapse/config/registration.py b/synapse/config/registration.py index d34dc9e45..a123f25a6 100644 --- a/synapse/config/registration.py +++ b/synapse/config/registration.py @@ -92,8 +92,8 @@ class RegistrationConfig(Config): # - medium: msisdn # pattern: '\\+44' - # If set, allows registration by anyone who also has the shared - # secret, even if registration is otherwise disabled. + # If set, allows registration of standard or admin accounts by anyone who + # has the shared secret, even if registration is otherwise disabled. # %(registration_shared_secret)s