diff --git a/custom/conf/app.ini.sample b/custom/conf/app.ini.sample index 90c2a9ab9c..68f144c089 100644 --- a/custom/conf/app.ini.sample +++ b/custom/conf/app.ini.sample @@ -288,6 +288,8 @@ RESET_PASSWD_CODE_LIVE_MINUTES = 180 REGISTER_EMAIL_CONFIRM = false ; Disallow registration, only allow admins to create accounts. DISABLE_REGISTRATION = false +; Allow registration only using third part services, it works only when DISABLE_REGISTRATION is false +ALLOW_ONLY_EXTERNAL_REGISTRATION = false ; User must sign in to view anything. REQUIRE_SIGNIN_VIEW = false ; Mail notification diff --git a/modules/auth/user_form.go b/modules/auth/user_form.go index 956ebd944b..5906abcd1d 100644 --- a/modules/auth/user_form.go +++ b/modules/auth/user_form.go @@ -44,6 +44,7 @@ type InstallForm struct { EnableOpenIDSignIn bool EnableOpenIDSignUp bool DisableRegistration bool + AllowOnlyExternalRegistration bool EnableCaptcha bool RequireSignInView bool DefaultKeepEmailPrivate bool diff --git a/modules/setting/setting.go b/modules/setting/setting.go index af1a282429..9f20d955cc 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -1143,6 +1143,7 @@ var Service struct { ResetPwdCodeLives int RegisterEmailConfirm bool DisableRegistration bool + AllowOnlyExternalRegistration bool ShowRegistrationButton bool RequireSignInView bool EnableNotifyMail bool @@ -1168,7 +1169,8 @@ func newService() { Service.ActiveCodeLives = sec.Key("ACTIVE_CODE_LIVE_MINUTES").MustInt(180) Service.ResetPwdCodeLives = sec.Key("RESET_PASSWD_CODE_LIVE_MINUTES").MustInt(180) Service.DisableRegistration = sec.Key("DISABLE_REGISTRATION").MustBool() - Service.ShowRegistrationButton = sec.Key("SHOW_REGISTRATION_BUTTON").MustBool(!Service.DisableRegistration) + Service.AllowOnlyExternalRegistration = sec.Key("ALLOW_ONLY_EXTERNAL_REGISTRATION").MustBool() + Service.ShowRegistrationButton = sec.Key("SHOW_REGISTRATION_BUTTON").MustBool(!(Service.DisableRegistration || Service.AllowOnlyExternalRegistration)) Service.RequireSignInView = sec.Key("REQUIRE_SIGNIN_VIEW").MustBool() Service.EnableReverseProxyAuth = sec.Key("ENABLE_REVERSE_PROXY_AUTHENTICATION").MustBool() Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool() diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini index 2c8e9cd0ba..3082569bf5 100644 --- a/options/locale/locale_en-US.ini +++ b/options/locale/locale_en-US.ini @@ -117,6 +117,7 @@ federated_avatar_lookup = Enable Federated Avatars federated_avatar_lookup_popup = Enable federated avatar lookup using Libravatar. disable_registration = Disable Self-Registration disable_registration_popup = Disable user self-registration. Only administrators will be able to create new user accounts. +allow_only_external_registration_popup=Enable the registration only through external services. openid_signin = Enable OpenID Sign-In openid_signin_popup = Enable user sign-in via OpenID. openid_signup = Enable OpenID Self-Registration @@ -1442,6 +1443,7 @@ config.db_path_helper = (for "sqlite3" and "tidb") config.service_config = Service Configuration config.register_email_confirm = Require Email Confirmation to Register config.disable_register = Disable Self-Registration +config.allow_only_external_registration = Enable the registration only through external services config.enable_openid_signup = Enable OpenID Self-Registration config.enable_openid_signin = Enable OpenID Sign-In config.show_registration_button = Show Register Button diff --git a/routers/install.go b/routers/install.go index 2a7ec93d21..84e506c70b 100644 --- a/routers/install.go +++ b/routers/install.go @@ -112,6 +112,7 @@ func Install(ctx *context.Context) { form.EnableOpenIDSignIn = setting.Service.EnableOpenIDSignIn form.EnableOpenIDSignUp = setting.Service.EnableOpenIDSignUp form.DisableRegistration = setting.Service.DisableRegistration + form.AllowOnlyExternalRegistration = setting.Service.AllowOnlyExternalRegistration form.EnableCaptcha = setting.Service.EnableCaptcha form.RequireSignInView = setting.Service.RequireSignInView form.DefaultKeepEmailPrivate = setting.Service.DefaultKeepEmailPrivate @@ -304,6 +305,7 @@ func InstallPost(ctx *context.Context, form auth.InstallForm) { cfg.Section("openid").Key("ENABLE_OPENID_SIGNIN").SetValue(com.ToStr(form.EnableOpenIDSignIn)) cfg.Section("openid").Key("ENABLE_OPENID_SIGNUP").SetValue(com.ToStr(form.EnableOpenIDSignUp)) cfg.Section("service").Key("DISABLE_REGISTRATION").SetValue(com.ToStr(form.DisableRegistration)) + cfg.Section("service").Key("ALLOW_ONLY_EXTERNAL_REGISTRATION").SetValue(com.ToStr(form.AllowOnlyExternalRegistration)) cfg.Section("service").Key("ENABLE_CAPTCHA").SetValue(com.ToStr(form.EnableCaptcha)) cfg.Section("service").Key("REQUIRE_SIGNIN_VIEW").SetValue(com.ToStr(form.RequireSignInView)) cfg.Section("service").Key("DEFAULT_KEEP_EMAIL_PRIVATE").SetValue(com.ToStr(form.DefaultKeepEmailPrivate)) diff --git a/routers/user/auth.go b/routers/user/auth.go index 2a5cb8e4b2..c8e1ada0db 100644 --- a/routers/user/auth.go +++ b/routers/user/auth.go @@ -741,7 +741,8 @@ func SignUpPost(ctx *context.Context, cpt *captcha.Captcha, form auth.RegisterFo ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha - if setting.Service.DisableRegistration { + //Permission denied if DisableRegistration or AllowOnlyExternalRegistration options are true + if !setting.Service.ShowRegistrationButton { ctx.Error(403) return } diff --git a/templates/admin/config.tmpl b/templates/admin/config.tmpl index 370325692e..d8292a9e6b 100644 --- a/templates/admin/config.tmpl +++ b/templates/admin/config.tmpl @@ -114,6 +114,8 @@
{{.i18n.Tr "admin.config.disable_register"}}
+
{{.i18n.Tr "admin.config.allow_only_external_registration"}}
+
{{.i18n.Tr "admin.config.show_registration_button"}}
{{.i18n.Tr "admin.config.enable_openid_signup"}}
diff --git a/templates/install.tmpl b/templates/install.tmpl index bd79b3a068..46439b4979 100644 --- a/templates/install.tmpl +++ b/templates/install.tmpl @@ -200,6 +200,12 @@ +
+
+ + +
+