Thanks for the amazing program y'all. But I needed to do a lot of wiggling on the user-end to get things working for a more private selfhosted use-case.
Describe the issue
I understand the documentation indicates that the registration page will merely be hidden from the "register" button in the top right, but this seems pointless given a non-logged in user who visits the login page can merely click on the "sign-up" button to get there and still fill out the form and create an account.
To Reproduce
Steps to reproduce the issue:
set register_allowed = False
start server
Go to sign in page
click sign up
make an account
Expected behaviour
At the very least, all direct links of getting to the sign-up page should be blocked. However, in the long term, the actual sign up page itself should be blocked or a proper method of disabling registrations should be implemented.
Environment (please complete the following information):
OS: Debian
Installation method: Docker
Firefox
Current Workaround
Setting account_email_verification to "mandatory" in combination with not setting up a server email is a workaround but because the mandatory setting triggers the admin account being categorized as "unverified," one must first check the verify box in the admin section for the admin user, then shut everything down and enable account_email_verification "mandatory" (without a server email) to prevent future verifications.
The admin interface allows a checkmark to "verify" accounts so further user creation is easy. Note that the first login by a created account will say "we've sent an email out for verification," even though the box has been checked so recommend doing first login before passing along the account to your users to avoid user confusion.
Edit: There is no way to initially create passwords. The solution here is to toggle mandatory on and off restarting the server when needing to create users. Actually, I just found another older issue showing that there is a way to, but I'm too tired now to investigate. But it looks like it might be possible.
Thanks for the amazing program y'all. But I needed to do a lot of wiggling on the user-end to get things working for a more private selfhosted use-case.
Describe the issue I understand the documentation indicates that the registration page will merely be hidden from the "register" button in the top right, but this seems pointless given a non-logged in user who visits the login page can merely click on the "sign-up" button to get there and still fill out the form and create an account.
To Reproduce Steps to reproduce the issue:
Expected behaviour At the very least, all direct links of getting to the sign-up page should be blocked. However, in the long term, the actual sign up page itself should be blocked or a proper method of disabling registrations should be implemented.
Environment (please complete the following information):
Current Workaround Setting account_email_verification to "mandatory" in combination with not setting up a server email is a workaround but because the mandatory setting triggers the admin account being categorized as "unverified," one must first check the verify box in the admin section for the admin user, then shut everything down and enable account_email_verification "mandatory" (without a server email) to prevent future verifications.
The admin interface allows a checkmark to "verify" accounts so further user creation is easy. Note that the first login by a created account will say "we've sent an email out for verification," even though the box has been checked so recommend doing first login before passing along the account to your users to avoid user confusion.
Edit: There is no way to initially create passwords. The solution here is to toggle mandatory on and off restarting the server when needing to create users. Actually, I just found another older issue showing that there is a way to, but I'm too tired now to investigate. But it looks like it might be possible.