diff --git a/conduit-example.toml b/conduit-example.toml
index 1fb27416..c83bce74 100644
--- a/conduit-example.toml
+++ b/conduit-example.toml
@@ -41,7 +41,7 @@ allow_registration = true
# A static registration token that new users will have to provide when creating
# an account. YOU NEED TO EDIT THIS.
# - Insert a password that users will have to enter on registration
-# - Comment out the line to remove the condition
+# - Start the line with '#' to remove the condition
registration_token = ""
allow_federation = true
diff --git a/debian/postinst b/debian/postinst
index 110f22d6..0707b6f2 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -72,9 +72,22 @@ max_request_size = 20_000_000 # in bytes
# Enables registration. If set to false, no users can register on this server.
allow_registration = true
+# A static registration token that new users will have to provide when creating
+# an account.
+# - Insert a password that users will have to enter on registration
+# - Start the line with '#' to remove the condition
+#registration_token = ""
+
allow_federation = true
allow_check_for_updates = true
+# Enable the display name lightning bolt on registration.
+enable_lightning_bolt = true
+
+# Servers listed here will be used to gather public keys of other servers.
+# Generally, copying this exactly should be enough. (Currently, Conduit doesn't
+# support batched key requests, so this list should only contain Synapse
+# servers.)
trusted_servers = ["matrix.org"]
#max_concurrent_requests = 100 # How many requests Conduit sends to other servers at the same time
diff --git a/docs/deploying/docker-compose.for-traefik.yml b/docs/deploying/docker-compose.for-traefik.yml
index 82bb55b0..c0bb042e 100644
--- a/docs/deploying/docker-compose.for-traefik.yml
+++ b/docs/deploying/docker-compose.for-traefik.yml
@@ -28,6 +28,7 @@ services:
CONDUIT_PORT: 6167
CONDUIT_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB
CONDUIT_ALLOW_REGISTRATION: 'true'
+ #CONDUIT_REGISTRATION_TOKEN: '' # require password for registration
CONDUIT_ALLOW_FEDERATION: 'true'
CONDUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
CONDUIT_TRUSTED_SERVERS: '["matrix.org"]'
diff --git a/docs/deploying/docker-compose.with-traefik.yml b/docs/deploying/docker-compose.with-traefik.yml
index 58603277..8ce3ad46 100644
--- a/docs/deploying/docker-compose.with-traefik.yml
+++ b/docs/deploying/docker-compose.with-traefik.yml
@@ -31,14 +31,13 @@ services:
### Uncomment and change values as desired
# CONDUIT_ADDRESS: 0.0.0.0
# CONDUIT_PORT: 6167
+ # CONDUIT_REGISTRATION_TOKEN: '' # require password for registration
# CONDUIT_CONFIG: '/srv/conduit/conduit.toml' # if you want to configure purely by env vars, set this to an empty string ''
# Available levels are: error, warn, info, debug, trace - more info at: https://docs.rs/env_logger/*/env_logger/#enabling-logging
- # CONDUIT_ALLOW_JAEGER: 'false'
# CONDUIT_ALLOW_ENCRYPTION: 'true'
# CONDUIT_ALLOW_FEDERATION: 'true'
# CONDUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
# CONDUIT_DATABASE_PATH: /srv/conduit/.local/share/conduit
- # CONDUIT_WORKERS: 10
# CONDUIT_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB
# We need some way to server the client and server .well-known json. The simplest way is to use a nginx container
diff --git a/src/api/client_server/account.rs b/src/api/client_server/account.rs
index d4529a40..b39e6229 100644
--- a/src/api/client_server/account.rs
+++ b/src/api/client_server/account.rs
@@ -74,10 +74,7 @@ pub async fn get_register_available_route(
/// - Creates a new account and populates it with default account data
/// - If `inhibit_login` is false: Creates a device and returns device id and access_token
pub async fn register_route(body: Ruma<register::v3::Request>) -> Result<register::v3::Response> {
- if !services().globals.allow_registration()
- && !body.from_appservice
- && services().globals.config.registration_token.is_none()
- {
+ if !services().globals.allow_registration() && !body.from_appservice {
return Err(Error::BadRequest(
ErrorKind::Forbidden,
"Registration has been disabled.",
@@ -122,21 +119,35 @@ pub async fn register_route(body: Ruma<register::v3::Request>) -> Result<registe
};
// UIAA
- let mut uiaainfo = UiaaInfo {
- flows: vec![AuthFlow {
- stages: if services().globals.config.registration_token.is_some() {
- vec![AuthType::RegistrationToken]
- } else {
- vec![AuthType::Dummy]
- },
- }],
- completed: Vec::new(),
- params: Default::default(),
- session: None,
- auth_error: None,
- };
+ let mut uiaainfo;
+ let skip_auth;
+ if services().globals.config.registration_token.is_some() {
+ // Registration token required
+ uiaainfo = UiaaInfo {
+ flows: vec![AuthFlow {
+ stages: vec![AuthType::RegistrationToken],
+ }],
+ completed: Vec::new(),
+ params: Default::default(),
+ session: None,
+ auth_error: None,
+ };
+ skip_auth = body.from_appservice;
+ } else {
+ // No registration token necessary, but clients must still go through the flow
+ uiaainfo = UiaaInfo {
+ flows: vec![AuthFlow {
+ stages: vec![AuthType::Dummy],
+ }],
+ completed: Vec::new(),
+ params: Default::default(),
+ session: None,
+ auth_error: None,
+ };
+ skip_auth = body.from_appservice || is_guest;
+ }
- if !body.from_appservice && !is_guest {
+ if !skip_auth {
if let Some(auth) = &body.auth {
let (worked, uiaainfo) = services().uiaa.try_auth(
&UserId::parse_with_server_name("", services().globals.server_name())