mirror of
https://github.com/dani-garcia/vaultwarden
synced 2024-11-25 05:10:20 +00:00
Add the ability to disable signups, but allow signups from a whitelist
This feature can be enabled by setting SIGNUPS_ALLOWED=false and providing a comma-separated list of whitelisted domains in SIGNUPS_DOMAINS_WHITELIST. Fixes #727
This commit is contained in:
parent
a19a6fb016
commit
64d6f72e6c
3 changed files with 21 additions and 1 deletions
|
@ -95,6 +95,14 @@
|
||||||
## Controls if new users can register
|
## Controls if new users can register
|
||||||
# SIGNUPS_ALLOWED=true
|
# SIGNUPS_ALLOWED=true
|
||||||
|
|
||||||
|
## Controls if new users from a list of comma-separated domains can register
|
||||||
|
## even if SIGNUPS_ALLOWED is set to false
|
||||||
|
##
|
||||||
|
## WARNING: There is currently no validation that prevents anyone from
|
||||||
|
## signing up with any made-up email address from one of these
|
||||||
|
## whitelisted domains!
|
||||||
|
# SIGNUPS_DOMAINS_WHITELIST=example.com,example.net,example.org
|
||||||
|
|
||||||
## Token for the admin interface, preferably use a long random string
|
## Token for the admin interface, preferably use a long random string
|
||||||
## One option is to use 'openssl rand -base64 48'
|
## One option is to use 'openssl rand -base64 48'
|
||||||
## If not set, the admin panel is disabled
|
## If not set, the admin panel is disabled
|
||||||
|
|
|
@ -90,7 +90,7 @@ fn register(data: JsonUpcase<RegisterData>, conn: DbConn) -> EmptyResult {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
None => {
|
None => {
|
||||||
if CONFIG.signups_allowed() || Invitation::take(&data.Email, &conn) {
|
if CONFIG.signups_allowed() || Invitation::take(&data.Email, &conn) || CONFIG.can_signup_user(&data.Email) {
|
||||||
User::new(data.Email.clone())
|
User::new(data.Email.clone())
|
||||||
} else {
|
} else {
|
||||||
err!("Registration not allowed or user already exists")
|
err!("Registration not allowed or user already exists")
|
||||||
|
|
|
@ -243,6 +243,8 @@ make_config! {
|
||||||
disable_icon_download: bool, true, def, false;
|
disable_icon_download: bool, true, def, false;
|
||||||
/// Allow new signups |> Controls if new users can register. Note that while this is disabled, users could still be invited
|
/// Allow new signups |> Controls if new users can register. Note that while this is disabled, users could still be invited
|
||||||
signups_allowed: bool, true, def, true;
|
signups_allowed: bool, true, def, true;
|
||||||
|
/// Allow signups only from this list of comma-separated domains
|
||||||
|
signups_domains_whitelist: String, true, def, "".to_string();
|
||||||
/// Allow invitations |> Controls whether users can be invited by organization admins, even when signups are disabled
|
/// Allow invitations |> Controls whether users can be invited by organization admins, even when signups are disabled
|
||||||
invitations_allowed: bool, true, def, true;
|
invitations_allowed: bool, true, def, true;
|
||||||
/// Password iterations |> Number of server-side passwords hashing iterations.
|
/// Password iterations |> Number of server-side passwords hashing iterations.
|
||||||
|
@ -491,6 +493,16 @@ impl Config {
|
||||||
self.update_config(builder)
|
self.update_config(builder)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn can_signup_user(&self, email: &str) -> bool {
|
||||||
|
let e: Vec<&str> = email.rsplitn(2, "@").collect();
|
||||||
|
if e.len() != 2 || e[0].is_empty() || e[1].is_empty() {
|
||||||
|
warn!("Failed to parse email address '{}'", email);
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
self.signups_domains_whitelist().split(",").any(|d| d == e[0])
|
||||||
|
}
|
||||||
|
|
||||||
pub fn delete_user_config(&self) -> Result<(), Error> {
|
pub fn delete_user_config(&self) -> Result<(), Error> {
|
||||||
crate::util::delete_file(&CONFIG_FILE)?;
|
crate::util::delete_file(&CONFIG_FILE)?;
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue