github-starred/vaultwarden
2
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-03-11 17:41:29 -05:00
Code Issues 79 Packages Projects Releases 78 Wiki Activity

Implement poor man's invitation-only registration #3651

New Issue
Closed
opened 2026-03-07 19:01:25 -06:00 by GiteaMirror · 10 comments
GiteaMirror commented 2026-03-07 19:01:25 -06:00
Owner
Copy Link

Originally created by @mprasil on GitHub (Jun 12, 2018).

In current state one can either enable or disable user registration. I think it should be possible to implement some exception to the rule:

Admin and Owner of the Organization should be able to invite users not currently registered. For these special record would be made (possibly in a separate table?) that would allow registration of an user with specified email even if the registration is otherwise turned off. That way admin could turn off the self-registration, but he could still invite users if needed without having to restart Bitwarden to enable/disable it as it is implemented right now.

I'm not sure if I understand the invitation process on the client side properly, but I think it shouldn't clash with how it works right now.

Any thoughts?

Originally created by @mprasil on GitHub (Jun 12, 2018). In current state one can either enable or disable user registration. I think it should be possible to implement some exception to the rule: Admin and Owner of the Organization should be able to invite users not currently registered. For these special record would be made (possibly in a separate table?) that would allow registration of an user with specified email even if the registration is otherwise turned off. That way admin could turn off the self-registration, but he could still invite users if needed without having to restart Bitwarden to enable/disable it as it is implemented right now. I'm not sure if I understand the invitation process on the client side properly, but I think it shouldn't clash with how it works right now. Any thoughts?
GiteaMirror added the enhancement label 2026-03-07 19:01:25 -06:00
GiteaMirror commented 2026-03-07 19:01:26 -06:00
Author
Owner
Copy Link

@dani-garcia commented on GitHub (Jun 12, 2018):

I thought about a similar solution to yours some time ago. The problem is that we don't validate emails at all, so anyone that knows the email of the invited user could register an account first.
I guess the danger of that would be pretty low, knowing the user needs to be confirmed by an admin o owner to have access to the organization, so I'm okay with implementing this as long as there is a way to disable it.

Your idea seems alright, we would need to create a table for the invites (with email, organization id, user type, and collections the user can access) and basically delay the creation of the userorganization until the user is created. The problem with this is the invites would not appear on the organization user list, because that only shows userorganization and those don't exist for the invited users yet. We could change it so it shows both the userorganization and the invites but that seems like a hack.

Another option would be to pre-create the user and mark it as disabled until the user registers and the admin confirms the invite, which to me seems like the best option, but we don't have a disabled flag in the users table and I don't feel like doing an entire migration for that (maybe we can assume that if the masterPasswordHash field is empty that means the user is disabled or something).

@dani-garcia commented on GitHub (Jun 12, 2018): I thought about a similar solution to yours some time ago. The problem is that we don't validate emails at all, so anyone that knows the email of the invited user could register an account first. I guess the danger of that would be pretty low, knowing the user needs to be confirmed by an admin o owner to have access to the organization, so I'm okay with implementing this as long as there is a way to disable it. Your idea seems alright, we would need to create a table for the invites (with email, organization id, user type, and collections the user can access) and basically delay the creation of the userorganization until the user is created. The problem with this is the invites would not appear on the organization user list, because that only shows userorganization and those don't exist for the invited users yet. We could change it so it shows both the userorganization and the invites but that seems like a hack. Another option would be to pre-create the user and mark it as disabled until the user registers and the admin confirms the invite, which to me seems like the best option, but we don't have a disabled flag in the users table and I don't feel like doing an entire migration for that (maybe we can assume that if the masterPasswordHash field is empty that means the user is disabled or something).
GiteaMirror commented 2026-03-07 19:01:27 -06:00
Author
Owner
Copy Link

@NickBusey commented on GitHub (Jun 29, 2018):

Quick question, how does one disable user registration? I don't see that option in the Readme.

@NickBusey commented on GitHub (Jun 29, 2018): Quick question, how does one disable user registration? I don't see that option in the Readme.
GiteaMirror commented 2026-03-07 19:01:27 -06:00
Author
Owner
Copy Link

@mprasil commented on GitHub (Jun 29, 2018):

Just set SIGNUPS_ALLOWED environment variable to false.

@mprasil commented on GitHub (Jun 29, 2018): Just set SIGNUPS_ALLOWED environment variable to false.
GiteaMirror commented 2026-03-07 19:01:28 -06:00
Author
Owner
Copy Link

@mprasil commented on GitHub (Jun 29, 2018):

Apologies, missclicked close.

@mprasil commented on GitHub (Jun 29, 2018): Apologies, missclicked close.
GiteaMirror commented 2026-03-07 19:01:28 -06:00
Author
Owner
Copy Link

@dani-garcia commented on GitHub (Jun 29, 2018):

What @mprasil said is correct. You can also modify the .env file if you prefer. I've added a short explanation of configuration options to the README in the last commit.

@dani-garcia commented on GitHub (Jun 29, 2018): What @mprasil said is correct. You can also modify the `.env` file if you prefer. I've added a short explanation of configuration options to the README in the last commit.
GiteaMirror commented 2026-03-07 19:01:28 -06:00
Author
Owner
Copy Link

@jakob42 commented on GitHub (Jul 10, 2018):

I would love that feature as well, but two things would mitigate the problem in a different fashion for me and might be easier:

  • Either have an option to send a notification mail to a defined admin address every time a user registers
  • Or have an option with an array of email domains allowed (my couple users would come from two domains only.)

Thanks for your work guys!

@jakob42 commented on GitHub (Jul 10, 2018): I would love that feature as well, but two things would mitigate the problem in a different fashion for me and might be easier: - Either have an option to send a notification mail to a defined admin address every time a user registers - Or have an option with an array of email domains allowed (my couple users would come from two domains only.) Thanks for your work guys!
GiteaMirror commented 2026-03-07 19:01:29 -06:00
Author
Owner
Copy Link

@mprasil commented on GitHub (Jul 10, 2018):

I like the second option, however there's a caveat that the email address is not verified in any way, so if someone figures out which domain is allowed he can still create basically infinite number of accounts.

I'd imagine, that in many cases this would be okay, but in many other cases it would be easy to guess the domain - like when the domain is well known email provider (gmail for example) or if the domain is same as where your BW server is hosted. It's kind of security by obscurity, but the truth is that it could be easy to implement and often good enough.

@mprasil commented on GitHub (Jul 10, 2018): I like the second option, however there's a caveat that the email address is not verified in any way, so if someone figures out which domain is allowed he can still create basically infinite number of accounts. I'd imagine, that in many cases this would be okay, but in many other cases it would be easy to guess the domain - like when the domain is well known email provider (gmail for example) or if the domain is same as where your BW server is hosted. It's kind of security by obscurity, but the truth is that it could be easy to implement and often good enough.
GiteaMirror commented 2026-03-07 19:01:29 -06:00
Author
Owner
Copy Link

@NickBusey commented on GitHub (Jul 10, 2018):

I would say have an array of emails OR email domains.

So I could specify gmail.com or just user@gmail.com

@NickBusey commented on GitHub (Jul 10, 2018): I would say have an array of emails OR email domains. So I could specify `gmail.com` or just `user@gmail.com`
GiteaMirror commented 2026-03-07 19:01:29 -06:00
Author
Owner
Copy Link

@ViViDboarder commented on GitHub (Jul 16, 2018):

The idea of creating "disabled" users without a master pw is pretty good. It's a little opaque, but it's easy enough to understand.

This would also make it easier to implement something like LDAP syncing where users can be created automatically and they can set their master pass on first login.

@ViViDboarder commented on GitHub (Jul 16, 2018): The idea of creating "disabled" users without a master pw is pretty good. It's a little opaque, but it's easy enough to understand. This would also make it easier to implement something like LDAP syncing where users can be created automatically and they can set their master pass on first login.
GiteaMirror commented 2026-03-07 19:01:30 -06:00
Author
Owner
Copy Link

@mprasil commented on GitHub (Sep 11, 2018):

This is now implemented and documented in #173. The docker image with latest code should be built in next two hours.

@ViViDboarder I did the implementation also with your use case in mind, I think you should be able to implement your LDAP sync script. The idea is that you fetch email addresses of all your LDAP users and for those that aren't already registered (in the users table) you can insert the email into invitations table. That way said email address can register even with SIGNUPS_ALLOWED set to false. If you get around to doing that, I'd be interested in your setup, this is something we could add to documentation.

@mprasil commented on GitHub (Sep 11, 2018): This is now implemented and documented in #173. The docker image with latest code should be [built in next two hours](https://hub.docker.com/r/mprasil/bitwarden/builds/bbheekqr9faiafcad3uspyf/). @ViViDboarder I did the implementation also with your use case in mind, I think you should be able to implement your LDAP sync script. The idea is that you fetch email addresses of all your LDAP users and for those that aren't already registered (in the `users` table) you can insert the email into `invitations` table. That way said email address can register even with `SIGNUPS_ALLOWED` set to false. If you get around to doing that, I'd be interested in your setup, this is something we could add to documentation.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
better for forum
bug
documentation
duplicate
enhancement
future Vault
good first issue
help wanted
low priority
notes
pull-request
Mirrored from GitHub Pull Request
 question
SSO
Third party
troubleshooting
wontfix
No Label enhancement
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#3651
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?