Allow guest account registration
Not every entity wants to keep open registrations on their instance, since it can leave the room to abuse. The Matrix specifications allows homeserver to accept guests registrations. Those are temporary accounts created without a password. The user do not chose their username at registration, they are assigned a username by the homeserver and can change their display name later.
When registering a guest account, all parameters in the request body with the exception of initial_device_display_name MUST BE ignored by the server. The server MUST pick a device_id for the account regardless of input.
This makes those accounts ideally very temporary, since the user will not be able to use it from another device, or to log in again.
Proper warnings should probably be issued to the user when registering a guest account. Regular reminders about the fragility of the account should also probably be issued when the user keep using them for long.
The spec also says:
guest accounts [...] may have limited permissions and may not be supported by all servers.
It does not seem possible to ask the server whether it supports guest accounts registration or not, but when attempting to register a guest account it looks like the server will answer with a 403 response if guest registration is not supported
Status code 403:
The homeserver does not permit registering the account. This response can be used to identify that a particular kind of account is not allowed, or that registration is generally not supported by the homeserver.
Proposed Mockups:
- left to design team to edit
Design Tasks
-
left to design team to edit
Development Tasks
-
left to project manager and developers to edit
QA Tasks
-
Register a guest user against a server that supports it -
Register a guest user against a server that does not support it -
Spam the registration endpoint from a machine to trigger rate limiting, then try to register a user
Guest users cannot call all the endpoints a regular user could. Guest users also might not be able to join rooms depending on how they were configured.
This issue being about guest registration and not guest account support, I refrain from adding QA tasks about it.