new account verify by the admin

[hale177]

new release webui very beautiful ！

but our company deployed mokey on the Internet， If open to anyone register account and self verify ，is not be safe so add admin users to verify new accounts feature is it better ？（after a new user registers an account ，be email or webhook url notify to admin users ）

thanks

[aebruno]

@hale177 thanks!

Requiring admins to verify new accounts would be an interesting feature but the extra manual step goes against the goal of mokey being a self-service tool. So this will likely be lower on the priority list.

Here's a few things to try that might help your situation in the interim:

• You can set the allowed_domains config option which will require users to register with an email address in that domain. See here
• Leverage unix groups such that users do not have access to anything unless they're in a specific group. This way even if a user creates and verifies their account, an admin has to add them to a specific unix group before they have access to any of your resources
• Run mokey behind a firewall
• Block new user signups in mokey. Have an admin create the account and then tell the user to reset their password via mokey.

[Aterfax]

Block new user signups in mokey. Have an admin create the account and then tell the user to reset their password via mokey.

I think they might need some instructions on implementing this? I don't see anything documented in the config file for disabling user sign up.

That aside, this could be approached by firewalling, using a reverse proxy and forbidding access to the /signup path.

[cmd-ntrf]

@aebruno : would you be interested in me adapting my previously merged PR #58 to the new Mokey ? The missing feature is currently stopping me from updating Mokey in Magic Castle.

[aebruno]

@cmd-ntrf Yes absolutely. That would be great. Thank you!