Skip to main content

mas_config/sections/
account.rs

1// Copyright 2024, 2025 New Vector Ltd.
2// Copyright 2024 The Matrix.org Foundation C.I.C.
3//
4// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
5// Please see LICENSE files in the repository root for full details.
6
7use schemars::JsonSchema;
8use serde::{Deserialize, Serialize};
9
10use crate::ConfigurationSection;
11
12const fn default_true() -> bool {
13    true
14}
15
16#[expect(clippy::trivially_copy_pass_by_ref)]
17const fn is_default_true(value: &bool) -> bool {
18    *value == default_true()
19}
20
21const fn default_false() -> bool {
22    false
23}
24
25#[expect(clippy::trivially_copy_pass_by_ref)]
26const fn is_default_false(value: &bool) -> bool {
27    *value == default_false()
28}
29
30/// Configuration section to configure features related to account management
31#[expect(clippy::struct_excessive_bools)]
32#[derive(Clone, Debug, Deserialize, JsonSchema, Serialize)]
33pub struct AccountConfig {
34    /// Whether users are allowed to change their email addresses. Defaults to
35    /// `true`.
36    #[serde(default = "default_true", skip_serializing_if = "is_default_true")]
37    pub email_change_allowed: bool,
38
39    /// Whether users are allowed to change their display names. Defaults to
40    /// `true`.
41    ///
42    /// This should be in sync with the policy in the homeserver configuration.
43    #[serde(default = "default_true", skip_serializing_if = "is_default_true")]
44    pub displayname_change_allowed: bool,
45
46    /// Whether to enable self-service password registration. Defaults to
47    /// `false` if password authentication is enabled.
48    ///
49    /// This has no effect if password login is disabled.
50    #[serde(default = "default_false", skip_serializing_if = "is_default_false")]
51    pub password_registration_enabled: bool,
52
53    /// Whether self-service password registrations require a valid email.
54    /// Defaults to `true`.
55    ///
56    /// This has no effect if password registration is disabled.
57    #[serde(default = "default_true", skip_serializing_if = "is_default_true")]
58    pub password_registration_email_required: bool,
59
60    /// Whether users are allowed to change their passwords. Defaults to `true`.
61    ///
62    /// This has no effect if password login is disabled.
63    #[serde(default = "default_true", skip_serializing_if = "is_default_true")]
64    pub password_change_allowed: bool,
65
66    /// Whether email-based password recovery is enabled. Defaults to `false`.
67    ///
68    /// This has no effect if password login is disabled.
69    #[serde(default = "default_false", skip_serializing_if = "is_default_false")]
70    pub password_recovery_enabled: bool,
71
72    /// Whether registration tokens are required for password registrations.
73    /// Defaults to `false`.
74    ///
75    /// When enabled, users must provide a valid registration token during
76    /// password registration. This has no effect if password registration
77    /// is disabled.
78    #[serde(default = "default_false", skip_serializing_if = "is_default_false")]
79    pub password_registration_token_required: bool,
80
81    /// Whether users are allowed to delete their own account. Defaults to
82    /// `true`.
83    #[serde(default = "default_true", skip_serializing_if = "is_default_true")]
84    pub account_deactivation_allowed: bool,
85
86    /// Whether users can log in with their email address. Defaults to `false`.
87    ///
88    /// This has no effect if password login is disabled.
89    #[serde(default = "default_false", skip_serializing_if = "is_default_false")]
90    pub login_with_email_allowed: bool,
91
92    /// Whether registration tokens are required for password registrations
93    /// This is deprecated in favor of `password_registration_token_required`
94    #[serde(default = "default_false", skip_serializing_if = "is_default_false")]
95    pub registration_token_required: bool,
96}
97
98impl Default for AccountConfig {
99    fn default() -> Self {
100        Self {
101            email_change_allowed: default_true(),
102            displayname_change_allowed: default_true(),
103            password_registration_enabled: default_false(),
104            password_registration_email_required: default_true(),
105            password_change_allowed: default_true(),
106            password_recovery_enabled: default_false(),
107            password_registration_token_required: default_false(),
108            registration_token_required: default_false(),
109            account_deactivation_allowed: default_true(),
110            login_with_email_allowed: default_false(),
111        }
112    }
113}
114
115impl AccountConfig {
116    /// Returns true if the configuration is the default one
117    pub(crate) fn is_default(&self) -> bool {
118        is_default_false(&self.password_registration_enabled)
119            && is_default_true(&self.email_change_allowed)
120            && is_default_true(&self.displayname_change_allowed)
121            && is_default_true(&self.password_change_allowed)
122            && is_default_false(&self.password_recovery_enabled)
123            && is_default_false(&self.password_registration_token_required)
124            && is_default_false(&self.registration_token_required)
125            && is_default_true(&self.account_deactivation_allowed)
126            && is_default_false(&self.login_with_email_allowed)
127    }
128}
129
130impl ConfigurationSection for AccountConfig {
131    const PATH: Option<&'static str> = Some("account");
132}