Automatically swap to closed registrations if an admin hasn't logged in recently

[joshsimmons]

Description:

Synapse installs that have open registration should automatically swap to closed registration if an admin hasn't logged in recently, as a way to mitigate unmaintained or abandoned homeservers as a vector for abuse.

Inspired by the latest release of Mastodon which includes two changes to address spam and abuse: one change is something that Synapse already does, which is defaulting to closed registrations, and the other is automatically swapping to closed registrations if an admin hasn't logged in recently (8 weeks).

[reivilibre]

Interesting idea, does feel a teensy bit footgunny I suppose since people may not habitually log in with their admin account (I don't use mine day-to-day for example).
But maybe the point is that open registration servers should ideally have someone monitoring them, which involves either poking at the database or the admin API.

I think this should also be disabled for private federations.

[joshsimmons]

But maybe the point is that open registration servers should ideally have someone monitoring them, which involves either poking at the database or the admin API.

Yeah, that's what I'm thinkin. I think of it a lil bit like a deadman's switch to promote safety of the open federation, so to your point, this wouldn't necessarily make sense in private federations.