Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Registrations are poorly specified #1984

Closed
joepie91 opened this issue May 1, 2019 · 4 comments · Fixed by #2055
Closed

Registrations are poorly specified #1984

joepie91 opened this issue May 1, 2019 · 4 comments · Fixed by #2055
Assignees
@turt2live
Labels
clarification An area where the spec could do with being more explicit client-server Client-Server API

Comments

@joepie91
Copy link

joepie91 commented May 1, 2019

Currently, the documentation for the /register endpoint is pretty sparse about guest registrations. Specifically, I've found the following things to be missing so far:

  1. Are homeservers permitted to reject guest registrations? If yes, what is the correct error and status code?
  2. /register docs claim that password is required #719 claims that passwords are optional for guest accounts. But are they permitted for a guest account?
  3. Relatedly: are passwords required for normal user accounts, or can those omit them too?
  4. Again relatedly: are guests permitted to choose a username?
  5. ... and are regular users permitted to omit it?

I guess that all of these points, except for the first one, can be summarized as it being unclear how the required-ness of fields is affected by the guest-ness of an account.
@uhoreg
Copy link
Member

uhoreg commented May 1, 2019

Anecdotally, synapse seems to just return a 403 when guest registration is disabled. (It also returns a 403 when a user tries to register with normal registration is disabled.)

@joepie91
Copy link
Author

joepie91 commented May 1, 2019

What error code would it return in both cases, though? As I understand it, Matrix error codes are prioritized over HTTP status codes to infer meaning from a response.

@turt2live turt2live added clarification An area where the spec could do with being more explicit client-server Client-Server API labels May 1, 2019
@uhoreg
Copy link
Member

uhoreg commented May 2, 2019

In this case, Synapse seems to return M_UNKNOWN, which is kind of useless.

@joepie91
Copy link
Author

joepie91 commented May 3, 2019

Right. In that case, it should be safe to return an M_FORBIDDEN (with status code 403), right? As that's how a 403 M_UNKNOWN would be interpreted anyway, if I recall correctly, and it'd be a bit more correct.

@turt2live turt2live self-assigned this May 30, 2019
turt2live added a commit that referenced this issue May 30, 2019
@turt2live
Clarify guest accounts and auth usage on /register
2f8a176 
Fixes #1980
Fixes #1984
turt2live added a commit that referenced this issue May 30, 2019
@turt2live
Clarify guest accounts and auth usage on /register
2ed37f5 
Fixes #1980
Fixes #1984
@turt2live turt2live mentioned this issue May 30, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@turt2live turt2live

Labels
clarification An area where the spec could do with being more explicit client-server Client-Server API
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Clarify guest accounts and auth usage on /register matrix-org/matrix-spec-proposals
3 participants
@uhoreg @turt2live @joepie91