feat: add dedicated sign-up config for oauth (#13610)

Currently, it is only possible to disable all registrations. However, it
would be helpful if you could disable normal registration but enable
OAuth registration.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Added a setting to enable/disable new user signups via OAuth (default:
enabled).
* Admin Settings (Authentication) now includes a toggle for OAuth
signups.
* OAuth signup flow now respects this setting, preventing new
registrations via OAuth when disabled.
  * Self-hosted configuration schema updated to include the new option.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Signed-off-by: Hudint Finn Weigand <dev@hudint.de>
Co-authored-by: DarkSky <darksky2048@gmail.com>
Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
This commit is contained in:
Finn Weigand
2025-09-21 17:38:25 +02:00
committed by GitHub
parent 21bb8142b0
commit 363f64ebfa
5 changed files with 16 additions and 1 deletions
+5
View File
@@ -148,6 +148,11 @@
"description": "Whether allow new registrations.\n@default true",
"default": true
},
"allowSignupForOauth": {
"type": "boolean",
"description": "Whether allow new registrations via configured oauth.\n@default true",
"default": true
},
"requireEmailDomainVerification": {
"type": "boolean",
"description": "Whether require email domain record verification before accessing restricted resources.\n@default false",
@@ -8,6 +8,7 @@ export interface AuthConfig {
ttr: number;
};
allowSignup: boolean;
allowSignupForOauth: boolean;
requireEmailDomainVerification: boolean;
requireEmailVerification: boolean;
passwordRequirements: ConfigItem<{
@@ -27,6 +28,10 @@ defineModuleConfig('auth', {
desc: 'Whether allow new registrations.',
default: true,
},
allowSignupForOauth: {
desc: 'Whether allow new registrations via configured oauth.',
default: true,
},
requireEmailDomainVerification: {
desc: 'Whether require email domain record verification before accessing restricted resources.',
default: false,
@@ -224,7 +224,7 @@ export class OAuthController {
return connectedAccount.user;
}
if (!this.config.auth.allowSignup) {
if (!this.config.auth.allowSignupForOauth) {
throw new SignUpForbidden();
}
+4
View File
@@ -63,6 +63,10 @@
"type": "Boolean",
"desc": "Whether allow new registrations."
},
"allowSignupForOauth": {
"type": "Boolean",
"desc": "Whether allow new registrations via configured oauth."
},
"requireEmailDomainVerification": {
"type": "Boolean",
"desc": "Whether require email domain record verification before accessing restricted resources."
@@ -55,6 +55,7 @@ export const KNOWN_CONFIG_GROUPS = [
module: 'auth',
fields: [
'allowSignup',
'allowSignupForOauth',
// nested json object
{
key: 'passwordRequirements',