Allow preventing guest registration (#2199)

* Allow disabling guest registration separately

* Update sample config

* Set `guests_disabled` to `true` in the sample config
This commit is contained in:
Neil Alexander 2022-02-18 10:12:26 +00:00 committed by GitHub
parent 5dd203fde3
commit e1eb5807b6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 0 deletions

View file

@ -532,6 +532,13 @@ func handleGuestRegistration(
cfg *config.ClientAPI, cfg *config.ClientAPI,
userAPI userapi.UserInternalAPI, userAPI userapi.UserInternalAPI,
) util.JSONResponse { ) util.JSONResponse {
if cfg.RegistrationDisabled || cfg.GuestsDisabled {
return util.JSONResponse{
Code: http.StatusForbidden,
JSON: jsonerror.Forbidden("Guest registration is disabled"),
}
}
var res userapi.PerformAccountCreationResponse var res userapi.PerformAccountCreationResponse
err := userAPI.PerformAccountCreation(req.Context(), &userapi.PerformAccountCreationRequest{ err := userAPI.PerformAccountCreation(req.Context(), &userapi.PerformAccountCreationRequest{
AccountType: userapi.AccountTypeGuest, AccountType: userapi.AccountTypeGuest,

View file

@ -142,6 +142,10 @@ client_api:
# using the registration shared secret below. # using the registration shared secret below.
registration_disabled: false registration_disabled: false
# Prevents new guest accounts from being created. Guest registration is also
# disabled implicitly by setting 'registration_disabled' above.
guests_disabled: true
# If set, allows registration by anyone who knows the shared secret, regardless of # If set, allows registration by anyone who knows the shared secret, regardless of
# whether registration is otherwise disabled. # whether registration is otherwise disabled.
registration_shared_secret: "" registration_shared_secret: ""

View file

@ -18,6 +18,10 @@ type ClientAPI struct {
// If set, allows registration by anyone who also has the shared // If set, allows registration by anyone who also has the shared
// secret, even if registration is otherwise disabled. // secret, even if registration is otherwise disabled.
RegistrationSharedSecret string `yaml:"registration_shared_secret"` RegistrationSharedSecret string `yaml:"registration_shared_secret"`
// If set, prevents guest accounts from being created. Only takes
// effect if registration is enabled, otherwise guests registration
// is forbidden either way.
GuestsDisabled bool `yaml:"guests_disabled"`
// Boolean stating whether catpcha registration is enabled // Boolean stating whether catpcha registration is enabled
// and required // and required