Restrict registration to a custom net or subnet

Open valueerrorx opened this issue 10 years ago • 8 comments

i hacked on an old implementation of this and i added a simple ip check so only users within the 10.0.0.0 net would see the registration link and are allowed to register.

self registration is super cool but i wouldn't want everybody in the world to be able to register on our school-cloud-service..

valueerrorx May 19 '15 13:05

Yup, I've also been planning this feature. Besides, I've also been planning to provide the feature that limits registration emails to specific domains.

pellaeon May 19 '15 13:05

This is now implemented in v0.0.6! Please help test it!

pellaeon Aug 28 '15 14:08

just tested this feature and it looks like i can't get it to accept wildcards? is this correct?

i want to do something like this : 10.*

how would i tell OC Registration to only allow the following subnet 10.0.0.0 .. so 10.1.1.2 for example would be allowed to register?

valueerrorx Sep 09 '15 14:09

oooh.. i just checked the code.. you meant "mail-domains"... that's something totally different and because in my school everybody has a different email address it would not work.. but the "domain" in the school (our intranet) would be a way to go.. hmmm.. i guess i have to hack the code then ?!

valueerrorx Sep 11 '15 07:09

    foreach ( $allowed_domains as $domain ) {
        $maildomain=explode("@",$email)[1];
        // valid email domain, everything's fine
        if ($maildomain === $domain) {
            $allowed=true;
            break;
        }
        // valid IP, everything's fine
        else if ( fnmatch($domain, $_SERVER['REMOTE_ADDR']) ){
            $allowed=true;
            break;
        }
    }

well.. i changed the domaincheck to also allow to enter a network range (10.2.*) or specific ip addresses..

will i run into any problems with this? once the verification link is sent there are no further domain checks.. right?

valueerrorx Sep 11 '15 09:09

Ah, my fault, I mistakenly closed this issue.

pellaeon Sep 13 '15 09:09

hey man.. glad you fixed that issue i reported with the newest nextcloud release.. thank you very much..

do you think it's possible to include those lines above in the next release in order to restrict registration not only to domains but also to subnets ? thx in advance..

valueerrorx Sep 24 '17 20:09

this small section in the file "service/registrationservice.php" makes it possible to enter something like 10.* into the "domains" field in settings and then only the internal network is allowed to register..

the full function:

    public function checkAllowedDomains($email) {
        $allowed_domains = $this->config->getAppValue($this->appName, 'allowed_domains', '');
        if ( $allowed_domains !== '' ) {
            $allowed_domains = explode(';', $allowed_domains);
            $allowed = false;
            foreach ($allowed_domains as $domain) {
                $maildomain = explode("@", $email)[1];
                // valid domain, everything's fine
                if ($maildomain === $domain) {
                    $allowed = true;
                    break;
                }
                // entry is a wildcard pattern that matches the client IP
                else if ( fnmatch($domain, $_SERVER['REMOTE_ADDR']) ){
                    $allowed = true;
                    break;
                }
            }
            return $allowed;
        }
        return true;
    }

valueerrorx Sep 24 '17 20:09
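
An added example, not code from this thread or from the app: matching the client address against CIDR networks with `inet_pton` instead of shell-style wildcards, which avoids loose patterns (`10*` also matches `100.1.1.2`) and covers IPv6. The helper names `ipInCidr` and `registrationAllowed` and the convention that list entries containing `/` are networks are assumptions; the either-mail-domain-or-network logic follows the function posted above.

```php
<?php
// Added example; helper names and the "/" entry syntax are assumptions, not the app's code.

/** True if $ip lies inside $cidr (IPv4 or IPv6), e.g. 10.0.0.0/8. */
function ipInCidr(string $ip, string $cidr): bool {
    $parts = explode('/', $cidr, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[1])) {
        return false;
    }
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($parts[0]);
    $bits   = (int) $parts[1];
    // Reject unparsable input, IPv4/IPv6 family mismatches and oversized prefixes.
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)
        || $bits > strlen($ipBin) * 8) {
        return false;
    }
    $full = intdiv($bits, 8);   // whole bytes covered by the prefix
    if (substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) {
        return false;
    }
    if ($bits % 8 === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $bits % 8)) & 0xFF;   // remaining high bits of the next byte
    return (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

/** Entries containing "/" are networks; all other entries are mail domains. */
function registrationAllowed(string $email, string $remoteAddr, string $allowedList): bool {
    if ($allowedList === '') {
        return true;   // no restriction configured, as in the function in the thread
    }
    $at = strrpos($email, '@');
    $mailDomain = $at === false ? '' : strtolower(substr($email, $at + 1));
    foreach (array_map('trim', explode(';', $allowedList)) as $entry) {
        $isNet = strpos($entry, '/') !== false;
        if ($isNet ? ipInCidr($remoteAddr, $entry)
                   : ($entry !== '' && $mailDomain === strtolower($entry))) {
            return true;
        }
    }
    return false;
}

// Constructed sample values: one address inside 10.0.0.0/8, one outside it.
$list = 'school.example;10.0.0.0/8';
var_dump(registrationAllowed('a@other.example', '10.1.1.2', $list));
var_dump(registrationAllowed('a@other.example', '100.1.1.2', $list));
```

Behind a reverse proxy `$_SERVER['REMOTE_ADDR']` holds the proxy's address, so the value passed as `$remoteAddr` has to be the client address the deployment actually trusts.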