From 8ea1b41a0e353da2d3ec3b7f5ee3bd240261c668 Mon Sep 17 00:00:00 2001
From: Aaron Raimist <aaron@raim.ist>
Date: Mon, 11 Mar 2019 13:21:52 -0500
Subject: [PATCH] Clarify what registration_shared_secret allows for (#2885)
 (#4844)

* Clarify what registration_shared_secret allows for (#2885)

Signed-off-by: Aaron Raimist <aaron@raim.ist>

* Add changelog

Signed-off-by: Aaron Raimist <aaron@raim.ist>
---
 INSTALL.md                     | 4 ++--
 changelog.d/4844.misc          | 1 +
 docs/sample_config.yaml        | 4 ++--
 synapse/config/registration.py | 4 ++--
 4 files changed, 7 insertions(+), 6 deletions(-)
 create mode 100644 changelog.d/4844.misc

diff --git a/INSTALL.md b/INSTALL.md
index 2993f3a9e2..5c67f14ed6 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -402,8 +402,8 @@ This process uses a setting `registration_shared_secret` in
 `homeserver.yaml`, which is shared between Synapse itself and the
 `register_new_matrix_user` script. It doesn't matter what it is (a random
 value is generated by `--generate-config`), but it should be kept secret, as
-anyone with knowledge of it can register users on your server even if
-`enable_registration` is `false`.
+anyone with knowledge of it can register users, including admin accounts,
+on your server even if `enable_registration` is `false`.
 
 ## Setting up a TURN server
 
diff --git a/changelog.d/4844.misc b/changelog.d/4844.misc
new file mode 100644
index 0000000000..eff6f1c43c
--- /dev/null
+++ b/changelog.d/4844.misc
@@ -0,0 +1 @@
+Clarify what registration_shared_secret allows for.
diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index b62745dd6e..22d5e6b1d7 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -624,8 +624,8 @@ enable_registration: False
 #  - medium: msisdn
 #    pattern: '\+44'
 
-# If set, allows registration by anyone who also has the shared
-# secret, even if registration is otherwise disabled.
+# If set, allows registration of standard or admin accounts by anyone who
+# has the shared secret, even if registration is otherwise disabled.
 #
 # registration_shared_secret: <PRIVATE STRING>
 
diff --git a/synapse/config/registration.py b/synapse/config/registration.py
index d34dc9e456..a123f25a68 100644
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -92,8 +92,8 @@ class RegistrationConfig(Config):
         #  - medium: msisdn
         #    pattern: '\\+44'
 
-        # If set, allows registration by anyone who also has the shared
-        # secret, even if registration is otherwise disabled.
+        # If set, allows registration of standard or admin accounts by anyone who
+        # has the shared secret, even if registration is otherwise disabled.
         #
         %(registration_shared_secret)s
 
-- 
GitLab