Feature request: Limit account creation to a specific mail domain / question

[glennie]

Hello,
I want to provide cryptpad for my internal users. As my instance is hosted on public service, I would like to limit account creation to a specific email domain (with email validation) and completely disable anonymous access.

Can this be done with the current version? Otherwise, please consider implementing this feature.

Kind regards,

PS; many thx for releasing this nice app as an open source product.

[ansuz]

Hi @glennie,

This is not currently possible with basic configuration, and it's not on our roadmap either.

We have provided a few extention points which you could hook into, but I can't say that it would be an easy process.

• config.disableAnonymousStore = true will make it so that anonymous users can continue to access the service, without the ability to store things in their drive.
• config.beforeLogin can be configured with a function which will be run before loading data for anonymous or registered users' data. You could do a lot of stuff here (custom login via SSO or anything else).
• config.afterLogin is like beforeLogin, but after.

You're not the first to request something like this, these other issues are at least tangentially related:

• Authentication with Expressjs and passport
• Add user authentication with different backends
• is it possible to disable the signup option
• implement two-factor authentication

On our side, every time we introduce a feature we have to consider not just the time it will take to implement it, but also the time required to maintain it in perpetuity. Once people start using it, if we ever decide to deprecate it, we could be responsible for breaking their instances. We take that seriously even if we aren't liable for it.

We're in the best position to implement a feature like this, as we know the codebase well. Without proper funding, however, we're unlikely to prioritize this over the many features which could directly benefit average users.

If all the administrators that desired this for their own instance were able to contribute a relatively small amount of money, the results of the sponsored development would be available to the entire open-source community.

In any case, we're open to discussing options.

[glennie]

Hi,
Thanks for you reply.
disableAnonymousStore isn't mentioned in the default configuration file (thx for the pointer). We've already setup a filter based on IP to grant access to the hosted cryptpad access. I will stick with these options for now.

As I'm not able to contribute with code, I will try contribute with small amount of money.

Kind regards,

[ansuz]

If you're going to donate via the opencollective campaign, you can leave a note saying what features you'd like to fund. There's a roadmap listed there, but we can always adjust it if it doesn't match contributors' needs.

[spinus]

Opening registration for email domain can be dangerous thing, would not recommend. Best thing is to setup users manually or from SSO.

[ansuz]

We have no plans to implement this functionality for our own instance. In the absence of any external funding we're not going to put this on our roadmap, so I'm going to close this issue.

[KiaraGrouwstra]

see #749