Infisical / infisical

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
https://infisical.com

New options for Allow user signups - invite only #2446

Open GameBurrow opened 1 week ago

GameBurrow commented 1 week ago

Feature description

Currently Allow user signups has 2 options:

We need a third option - Invite only. Only allow registration for users that actually got invited.

Why would it be useful?

Currently the only way to limit user registration is by domain. That's useful for corporations/companies/businesses where all people use the same email domain, but for more casual use, where people can have different email domains (for example, I have a kube cluster that is shared by me and my close friends), I have to temporarily enable registrations so I can invite those people, which I consider a security risk. Especially considering you can't fully delete users through the UI in the Free tier, if some random person starts the user registration process while I have it open, it's annoying.

Additional context

Strange thing is, looking at old issue reports and forum posts, it seems like you had this feature using the INVITE_ONLY_SIGNUP env flag but it got removed at one point? https://github.com/Infisical/infisical/issues/1892

kasyap1234 commented 5 days ago

@maidul98 I would like to work on this issue.

sheensantoscapadngan commented 2 days ago

Hey @GameBurrow! When the Allow user signups option is Disabled, your users should still be able to register to the organization by clicking the invite link sent via email upon org invitation. At the moment, they will have to go through the invitation link for registration to work as expected. Let me know if you have any additional questions!

GameBurrow commented 2 days ago

@sheensantoscapadngan

Hey. I tried it with 2 people. When they clicked the links, it just directed them to the login page. Both of them said that, and I tried their links myself and can confirm. I even tried to invite myself with a secondary email and the same happens.

Link format was https://vault.sepaurg.eu/signupinvite?token=[redacted]&to=[redacted]&organization_id=[redacted]

sheensantoscapadngan commented 2 days ago

This is indeed a bug in the signup flow. I've raised a PR to address this here.

Thank you for reporting this and for the prompt response!