diff --git a/synapse/rest/client/register.py b/synapse/rest/client/register.py index 956c45e60a4b..4a977c060be1 100644 --- a/synapse/rest/client/register.py +++ b/synapse/rest/client/register.py @@ -433,6 +433,11 @@ def __init__(self, hs: "HomeServer"): hs.config.registration.inhibit_user_in_use_error ) + self._require_approval = ( + hs.config.experimental.msc3866.enabled + and hs.config.experimental.msc3866.require_approval_for_new_accounts + ) + self._registration_flows = _calculate_registration_flows( hs.config, self.auth_handler ) @@ -756,6 +761,13 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]: access_token=return_dict.get("access_token"), ) + if self._require_approval: + raise SynapseError( + code=403, + errcode=Codes.USER_AWAITING_APPROVAL, + msg="This account needs to be approved by an administrator before it can be used.", + ) + return 200, return_dict async def _do_appservice_registration( diff --git a/tests/rest/client/test_register.py b/tests/rest/client/test_register.py index ab4277dd3171..b785c2e6527e 100644 --- a/tests/rest/client/test_register.py +++ b/tests/rest/client/test_register.py @@ -765,6 +765,29 @@ def test_inhibit_user_in_use_error(self) -> None: self.assertEqual(channel.code, 400, channel.json_body) self.assertEqual(channel.json_body["errcode"], Codes.USER_IN_USE) + @override_config( + { + "experimental_features": { + "msc3866": { + "enabled": True, + "require_approval_for_new_accounts": True, + } + } + } + ) + def test_require_approval(self) -> None: + channel = self.make_request( + "POST", + "register", + { + "username": "kermit", + "password": "monkey", + "auth": {"type": LoginType.DUMMY}, + }, + ) + self.assertEqual(403, channel.code, channel.result) + self.assertEqual(Codes.USER_AWAITING_APPROVAL, channel.json_body["errcode"]) + class AccountValidityTestCase(unittest.HomeserverTestCase):