mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-07-10 10:14:51 -06:00
don't auto-enable signups via allowed domains list
NOTE this is a breaking change that requires admin intervention to set `SIGNUPS_ALLOWED=true` if you want users with a domain in the allow list to signup.
This commit is contained in:
parent
d626ea81ab
commit
21eafd0dde
@ -269,8 +269,10 @@
|
||||
## email will be re-sent upon an attempted login.
|
||||
# SIGNUPS_VERIFY_RESEND_LIMIT=6
|
||||
|
||||
## Controls if new users from a list of comma-separated domains can register
|
||||
## even if SIGNUPS_ALLOWED is set to false
|
||||
## Restrict email addresses to this list of comma-separated domains
|
||||
## This allow list affects signups, invitations and email address changes.
|
||||
## By default this allow list is empty, meaning no restrictions apply.
|
||||
## NOTE: You can circumvent this restriction if you invite someone via the `/admin` panel.
|
||||
# SIGNUPS_DOMAINS_WHITELIST=example.com,example.net,example.org
|
||||
|
||||
## Controls whether event logging is enabled for organizations
|
||||
|
||||
@ -623,7 +623,7 @@ make_config! {
|
||||
signups_verify_resend_time: u64, true, def, 3_600;
|
||||
/// If signups require email verification, limit how many emails are automatically sent when login is attempted (0 means no limit)
|
||||
signups_verify_resend_limit: u32, true, def, 6;
|
||||
/// Email domain whitelist |> Allow signups only from this list of comma-separated domains, even when signups are otherwise disabled
|
||||
/// Email domain whitelist |> Restrict email addresses to this list of comma-separated domains
|
||||
signups_domains_whitelist: String, true, def, String::new();
|
||||
/// Enable event logging |> Enables event logging for organizations.
|
||||
org_events_enabled: bool, false, def, false;
|
||||
@ -1507,21 +1507,14 @@ impl Config {
|
||||
/// Tests whether signup is allowed for an email address, taking into
|
||||
/// account the signups_allowed and signups_domains_whitelist settings.
|
||||
pub fn is_signup_allowed(&self, email: &str) -> bool {
|
||||
if self.signups_domains_whitelist().is_empty() {
|
||||
self.signups_allowed()
|
||||
} else {
|
||||
// The whitelist setting overrides the signups_allowed setting.
|
||||
self.is_email_domain_allowed(email)
|
||||
}
|
||||
self.signups_allowed() && self.is_email_domain_allowed(email)
|
||||
}
|
||||
|
||||
// The registration link should be hidden if
|
||||
// - Signup is not allowed and email whitelist is empty unless mail is disabled and invitations are allowed
|
||||
// - Signup is not allowed unless mail is disabled and invitations are allowed
|
||||
// - The SSO is activated and password login is disabled.
|
||||
pub fn is_signup_disabled(&self) -> bool {
|
||||
(!self.signups_allowed()
|
||||
&& self.signups_domains_whitelist().is_empty()
|
||||
&& (self.mail_enabled() || !self.invitations_allowed()))
|
||||
(!self.signups_allowed() && (self.mail_enabled() || !self.invitations_allowed()))
|
||||
|| (self.sso_enabled() && self.sso_only())
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user