Skip to content

Add per-provider user registration control #1321

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
johnmaguire wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add per-provider user registration control #1321

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions bin/core/src/auth/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -205,6 +205,20 @@ impl AuthImpl for KomodoAuthImpl {
core_config().disable_user_registration
}

fn local_registration_disabled(&self) -> bool {
let config = core_config();
config
.disable_local_user_registration
.unwrap_or(config.disable_user_registration)
}

fn oidc_registration_disabled(&self) -> bool {
let config = core_config();
config
.disable_oidc_user_registration
.unwrap_or(config.disable_user_registration)
}

fn validate_username(
&self,
username: &str,
Expand Down
6 changes: 6 additions & 0 deletions bin/core/src/config.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -345,6 +345,12 @@ pub fn core_config() -> &'static CoreConfig {
disable_user_registration: env
.komodo_disable_user_registration
.unwrap_or(config.disable_user_registration),
disable_local_user_registration: env
.komodo_disable_local_user_registration
.or(config.disable_local_user_registration),
disable_oidc_user_registration: env
.komodo_disable_oidc_user_registration
.or(config.disable_oidc_user_registration),
disable_non_admin_create: env
.komodo_disable_non_admin_create
.unwrap_or(config.disable_non_admin_create),
Expand Down
24 changes: 24 additions & 0 deletions client/core/rs/src/entities/config/core.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -124,6 +124,10 @@ pub struct Env {
pub komodo_enable_new_users: Option<bool>,
/// Override `disable_user_registration`
pub komodo_disable_user_registration: Option<bool>,
/// Override `disable_local_user_registration`
pub komodo_disable_local_user_registration: Option<bool>,
/// Override `disable_oidc_user_registration`
pub komodo_disable_oidc_user_registration: Option<bool>,
/// Override `lock_login_credentials_for`
pub komodo_lock_login_credentials_for: Option<Vec<String>>,
/// Override `disable_confirm_dialog`
Expand Down Expand Up @@ -457,6 +461,20 @@ pub struct CoreConfig {
#[serde(default)]
pub disable_user_registration: bool,

/// Disable local (username/password) user registration only.
/// When set, the "Sign Up" button is hidden and local signups are blocked,
/// but OIDC and other external provider signups are still allowed.
/// If not set, falls back to `disable_user_registration`.
#[serde(default)]
pub disable_local_user_registration: Option<bool>,

/// Disable OIDC user registration only.
/// When set, new users cannot register via OIDC,
/// but local and other provider signups are still allowed.
/// If not set, falls back to `disable_user_registration`.
#[serde(default)]
pub disable_oidc_user_registration: Option<bool>,

/// List of usernames for which the update username / password
/// APIs are disabled. Used by demo to lock the 'demo' : 'demo' login.
///
Expand Down Expand Up @@ -826,6 +844,8 @@ impl Default for CoreConfig {
transparent_mode: Default::default(),
enable_new_users: Default::default(),
disable_user_registration: Default::default(),
disable_local_user_registration: Default::default(),
disable_oidc_user_registration: Default::default(),
lock_login_credentials_for: Default::default(),
disable_non_admin_create: Default::default(),
jwt_secret: Default::default(),
Expand Down Expand Up @@ -909,6 +929,10 @@ impl CoreConfig {
enable_fancy_toml: config.enable_fancy_toml,
enable_new_users: config.enable_new_users,
disable_user_registration: config.disable_user_registration,
disable_local_user_registration: config
.disable_local_user_registration,
disable_oidc_user_registration: config
.disable_oidc_user_registration,
disable_non_admin_create: config.disable_non_admin_create,
lock_login_credentials_for: config.lock_login_credentials_for,
local_auth: config.local_auth,
Expand Down
14 changes: 14 additions & 0 deletions config/core.config.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -167,6 +167,20 @@ init_admin_password = "changeme"
## Default: false
disable_user_registration = false

## Disable local (username/password) user registration only.
## When set to true, the "Sign Up" button is hidden and local signups are blocked,
## but OIDC and other external provider signups are still allowed.
## If not set, falls back to `disable_user_registration`.
## Env: KOMODO_DISABLE_LOCAL_USER_REGISTRATION
# disable_local_user_registration = true

## Disable OIDC user registration only.
## When set to true, new users cannot register via OIDC,
## but local and other provider signups are still allowed.
## If not set, falls back to `disable_user_registration`.
## Env: KOMODO_DISABLE_OIDC_USER_REGISTRATION
# disable_oidc_user_registration = true

## New users will be automatically enabled when they sign up.
## Otherwise, new users will be disabled on first login.
## The first user to login will always be enabled on creation.
Expand Down