Tweak AS registration check and AS component HTTP clients

[neilalexander]

This tweaks the check for AS registration vs normal registration, since it seems that AS users are incorrectly being subjected to normal username checks (e.g. not being allowed to have usernames prefixed with _).

This also makes the following changes to the appservice component:

• A new appservice client is used for appservice HTTP requests
• A new DisableTLSValidation option has been added to the appservice config section for appservice traffic only

[kegsay]

Why are we using this client instead of a normal one? GMSL.Client is for federation traffic only I thought? ASes do not get sent signed traffic.

[neilalexander]

gomatrixserverlib.Client is for normal requests (like what the media API uses to fetch media), gomatrixserverlib.FederationClient is for signed requests.

[kegsay]

What's the difference between GMSL.Client and net/http.Client?

[neilalexander]

Not much, mostly just that gomatrixserverlib.Client has all of the correct wiring already to give it a timeout and/or disable TLS validation without needing to reinvent the wheel again in the AS code.

[kegsay]

I'd prefer it if we only look at the access token if the login type is set to AS?

[neilalexander]

It turns out that this isn't always the case. It's another one of those "spec is vague" things but Synapse also treats all calls to /register with an access_token as if they are coming from an AS.

[neilalexander]

Decided with @Half-Shot to instead enforce authtypes.LoginTypeApplicationService only.

[neilalexander]

I need to fix the sytests again to send m.login.application_service as the auth type, so I will do that before merging.

[Half-Shot]

I need to fix the sytests again to send m.login.application_service as the auth type, so I will do that before merging.

matrix-org/sytest#1018