Infisical / infisical

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
https://infisical.com

Issues with signup, INVITE_ONLY_SIGNUP env variable does not work #1321

Open Mark24Slides opened 7 months ago

Mark24Slides commented 7 months ago

Describe the bug

Signup via invite does not work. Using latest self-hosted infisical/backend and infisical/frontend: v0.43.16

Sent an invite to the user via Organization Access Control. A colleague opened the link, entered credentials and got a "Signup are disabled" response.

The INVITE_ONLY_SIGNUP env variable is set to "true" (tried "false" with redeployment, same error).

To Reproduce

Steps to reproduce the behavior:

  1. Go to Organization Access Control and create invite.
  2. Open link, received via invite
  3. Enter first and last name, password
  4. See 400 error

Platform you are having the issue on:

Kubernetes cluster, v.1.26

Docker images:

  - infisical/backend:v0.43.16
  - infisical/frontend:v0.43.16
  - infisical/kubernetes-operator:v0.3.3
  - gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0
  - docker.io/bitnami/redis:7.2.3-debian-11-r1

P.S. Checked https://infisical.com/docs/self-hosting/configuration/envars, all should be ok (infisical works correctly, except signup).

mtracz commented 7 months ago

Hi, I have the same issue on a self-hosted instance.

INVITE_ONLY_SIGNUP=true is set, but random users can still create new accounts with new organizations via the signup link on the login page.

In the admin panel, "Enable signup or invite" is enabled. If I disable it, I get "Signup are disabled" in the response with a 400 HTTP code on the POST /singupinvite route, and the signup link also disappears from the login page, which is fine, but invitations stop working then.

I'm using image: infisical/infisical:v0.43.16 (see docker-compose.yml).

docker-compose.yml

```yml
version: "3"

services:
  backend:
    container_name: infisical-backend
    restart: unless-stopped
    depends_on:
      - mongo
    image: infisical/infisical:v0.43.16
    env_file: .env
    ports:
      - 80:8080
    environment:
      - NODE_ENV=production
    networks:
      - infisical

  redis:
    image: redis
    container_name: infisical-dev-redis
    env_file: .env
    environment:
      - ALLOW_EMPTY_PASSWORD=yes
    ports:
      - 6379:6379
    networks:
      - infisical
    volumes:
      - redis_data:/data

  mongo:
    container_name: infisical-mongo
    image: mongo
    restart: always
    env_file: .env
    environment:
      - MONGO_INITDB_ROOT_USERNAME=${MONGO_USERNAME}
      - MONGO_INITDB_ROOT_PASSWORD=${MONGO_PASSWORD}
    volumes:
      - mongo-data:/data/db
    networks:
      - infisical

  mailpit:
    image: axllent/mailpit:v1.6.9
    ports:
      - 8025:8025
    networks:
      - infisical

volumes:
  mongo-data:
    driver: local
  redis_data:
    driver: local

networks:
  infisical:
```

.env

```dotenv
# THIS IS A SAMPLE ENCRYPTION KEY AND SHOULD NEVER BE USED FOR PRODUCTION
ENCRYPTION_KEY=6c1fe4e407b8911c104518103505b218

# THIS IS A SAMPLE AUTH_SECRET KEY AND SHOULD NEVER BE USED FOR PRODUCTION
AUTH_SECRET=5lrMXKKWCVocS/uerPsl7V+TX/aaUaI7iDkgl3tSmLE=

MONGO_URL=mongodb://root:example@mongo:27017/?authSource=admin
REDIS_URL=redis://redis:6379

MONGO_USERNAME=root
MONGO_PASSWORD=example

SITE_URL=http://localhost:80

INVITE_ONLY_SIGNUP=true

# Mail/SMTP
SMTP_HOST=mailpit
SMTP_PORT=1025
SMTP_NAME=test-smtp
SMTP_USERNAME=null
SMTP_PASSWORD=null
```

Admin panel settings

![image](https://github.com/Infisical/infisical/assets/22484267/0cf2976d-46b0-4ccf-820b-d6f43c432267)

App: http://localhost

SMTP dashboard: http://localhost:8025

Expected behavior: I would like to allow only invited users to create accounts/log in via the email flow. Other sign-ups for non-invited users should be rejected.

===

@Mark24Slides in the admin dashboard, do you have "Enable signup or invite" enabled or disabled? You probably have "Enable signup or invite" disabled in the admin dashboard. If you enable it, invitations will work, but random users can then also create accounts and organizations.

Mark24Slides commented 7 months ago

@mtracz Thanks a lot for the solution, I had it disabled.

But, as you already mentioned, now anybody can create their own account and authenticate to the Infisical portal. Would be cool to have INVITE_ONLY_SIGNUP working again.

maidul98 commented 7 months ago

@Mark24Slides we'll look into the INVITE_ONLY_SIGNUP issue

pat-s commented 7 months ago

Can confirm the issue on v0.45.4.