Policy data for emails and registration *must* be set

[turt2live]

Describe the bug
https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#policy says that if emails or registration are unspecified, then the allow rules by default allow everything, but this appears to not be the case.

To Reproduce
Steps to reproduce the behavior:

1. Create a relatively basic/standard config with:

   policy:
     data:
       client_registration:
         allow_insecure_uris: true
         allow_missing_contacts: true
       admin_users: ['admin']
       admin_clients: ['CLIENTID']

2. Navigate to registration page
3. Try to register

Expected behavior
Registration works. Instead, you're denied.

Adding this to the config fixed it:

policy:
  data:
    # ... fields from above go here ...
    emails:
      allowed_addresses:
        substrings: [""]
    registration:
      allowed_usernames:
        substrings: [""]

Screenshots

Desktop (please complete the following information):

• OS: Windows 11
• Browser: Chrome
• Version: 133

Additional context

I'm running the Docker container at #4115

[sandhose]

I'm failing to reproduce. The policy should check for allowed emails/usernames respectively if data.emails.allowed_addresses and data.registration.allowed_usernames are truthy. This includes empty objects so this will reject everything:

policy:
  data:
    emails:
      allowed_addresses: {}
    registration:
      allowed_username: {}

Maybe you have something in the dynamic policy data that sets those properties?

[turt2live]

oh, yes, the dynamic data definitely sets stuff like that.