@@ -896,6 +896,11 @@ LEVEL = Info | |||
;USER_DELETE_WITH_COMMENTS_MAX_TIME = 0 | |||
;; Valid site url schemes for user profiles | |||
;VALID_SITE_URL_SCHEMES=http,https | |||
;; The maximum number of users allowed to exist before creation is disabled. | |||
;; This is not a security prevention measure. | |||
;; Note, Admins will also be unable to create new users via the dashboard when the limit has been reached | |||
;; `-1` means no limit | |||
;MAX_USER_CREATE_LIMIT=-1 | |||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; |
@@ -690,6 +690,7 @@ And the following unique queues: | |||
The user's email will be replaced with a concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS. | |||
- `USER_DELETE_WITH_COMMENTS_MAX_TIME`: **0** Minimum amount of time a user must exist before comments are kept when the user is deleted. | |||
- `VALID_SITE_URL_SCHEMES`: **http, https**: Valid site url schemes for user profiles | |||
- `MAX_USER_CREATE_LIMIT`: **-1**: The maximum number of users allowed to exist before creation is disabled. Note: This also prevents admins from creating new users. `-1` means no limit. | |||
### Service - Explore (`service.explore`) | |||
@@ -600,6 +600,11 @@ func createUser(ctx context.Context, u *User, createdByAdmin bool, overwriteDefa | |||
return err | |||
} | |||
// Check the number of users already in the system, and if there are too many forbid any new ones. | |||
if HitCreationLimit(ctx) { | |||
return fmt.Errorf("The system has exceeded the user creation limit") | |||
} | |||
// set system defaults | |||
u.KeepEmailPrivate = setting.Service.DefaultKeepEmailPrivate | |||
u.Visibility = setting.Service.DefaultUserVisibilityMode | |||
@@ -729,6 +734,15 @@ func createUser(ctx context.Context, u *User, createdByAdmin bool, overwriteDefa | |||
return committer.Commit() | |||
} | |||
func HitCreationLimit(ctx context.Context) bool { | |||
// don't bother calling DB if limit not set | |||
if setting.Service.MaxUserCreationLimit < 0 || | |||
int64(setting.Service.MaxUserCreationLimit) < CountUsers(ctx, &CountUserFilter{}) { | |||
return false | |||
} | |||
return true | |||
} | |||
// IsLastAdminUser check whether user is the last admin | |||
func IsLastAdminUser(ctx context.Context, user *User) bool { | |||
if user.IsAdmin && CountUsers(ctx, &CountUserFilter{IsAdmin: optional.Some(true)}) <= 1 { |
@@ -81,6 +81,7 @@ var Service = struct { | |||
DefaultOrgMemberVisible bool | |||
UserDeleteWithCommentsMaxTime time.Duration | |||
ValidSiteURLSchemes []string | |||
MaxUserCreationLimit int | |||
// OpenID settings | |||
EnableOpenIDSignIn bool | |||
@@ -234,6 +235,8 @@ func loadServiceFrom(rootCfg ConfigProvider) { | |||
} | |||
Service.ValidSiteURLSchemes = schemes | |||
Service.MaxUserCreationLimit = sec.Key("MAX_USER_CREATE_LIMIT").MustInt(-1) | |||
mustMapSetting(rootCfg, "service.explore", &Service.Explore) | |||
loadOpenIDSetting(rootCfg) |
@@ -724,6 +724,13 @@ func ActivatePost(ctx *context.Context) { | |||
return | |||
} | |||
// Check the number of users already in the system, and if there are too many forbid any new ones. | |||
if user_model.HitCreationLimit(ctx) { | |||
ctx.Flash.Error("The system has exceeded the user creation limit", true) | |||
renderActivationChangeEmail(ctx) | |||
return | |||
} | |||
if code == "" { | |||
newEmail := strings.TrimSpace(ctx.FormString("change_email")) | |||
if ctx.Doer != nil && newEmail != "" && !strings.EqualFold(ctx.Doer.Email, newEmail) { |