Make Synapse support username availability check

[lampholder]

The details of the new guest experience for Riot are on the project plan: element-hq/riot-meta#59

I believe there are design decision reasons why this hasn't been implemented in the past. I'd like us to consider this because picking an available username is particularly tedious if checking availability isn't as painless as possible.

The scope of this task would be to deliver an API in Synapse that can be called to check username availability.

@ara4n - what are your thoughts on this existing?

[ara4n]

sounds great to me. i'd expect the auth stuff would give us an API we could already prod for this...

[lukebarnard1]

i'd expect the auth stuff would give us an API we could already prod for this...

Not quite true. We'll have to write a simple API for Synapse that does a SELECT in whichever table stores user IDs.

The API could look like

GET /_matrix/.../register/available
{
    "username" : "mylovelyusername"
}

Available looks like:

HTTP/1.1 200 OK
{
    "available" : true
}

Unavailable looks like

HTTP/1.1 400
User ID already taken

This would require modifying rest/client/v2_alpha/register.py to include this new endpoint. The endpoint could then hit check_username from handlers/register.py and if no errors are thrown, return the success response.

Rate limiting would have to be quite heavy so as to prevent people iterating over mxids.

[Half-Shot]

Could username be exchanged for any other field? If I wanted to see if a phone number was taken or something like that. Perhaps even allowing /avaliable to take multiple fields?

Jumped to conclusions about the purpose of the API. Ignore me :)

[erikjohnston]

To what extent do we want to stop people from being able to iterate over lists of mxids? We probably want to have quite aggressive ratelimiting on the endpoint at least.

[lukebarnard1]

Yep, it would be heavily rate-limited, I forgot to mention that.