[BUG] Disable user registration also disable login for previously registered users

[mariushosting]

SECRET_USER_DISABLE=true

Adding the environment variable SECRET_USER_DISABLE=true also disables login for previously registered users. So the previously registered users can't connect anymore. The environment variable also applies to Sign In (not just new Sign up).

[bjarneo]

Hi,

Not really a bug. It is supposed to behave like that.

However, if this is needed, it should be implemented as a feature, and it should be possible to do from a admin user dashboard.

[mariushosting]

Hello @bjarneo I think this is needed. If someone uses your link and Signs up, they can use your hemmelig and spam (they can upload pictures etc on your server). And if I want to disable Sign ups, then I'm also prevented from using hemmelig. And if I can't use hemmelig, then what?

Only the registered users should be able to use Hemmelig, not everyone. Thank you for taking the time to consider this.

[bjarneo]

Well, the only extra feature you can do as a signed in user is to have longer expiring time for secrets, and upload images.

It is not that easy to spam as rate limiting has been implemented. As it comes to file size, you can even set a limit for the upload size for the images.

I understand your concern, and I think it is a great feature. But it has to be part of the user journey for hemmelig which is not really something I have looked into yet. Will add this as a feature to that journey.

[mariushosting]

Thank you @bjarneo !

[bjarneo]

This is now solved.

Here is how it works: For the newest verion 5.4.1 it is possible to disable user creation, and add users yourself. When the user creation has been disabled, it still means users are allowed to sign in. More information here: https://github.com/HemmeligOrg/Hemmelig.app/issues/154