Prevent external users joining gitea instance
-
You have this "sign in with oauth" button on your Gitea which, allows anybody that has an account on gitea.com to login and create an account on your instance.
Edit: because of missing configuration that sign in button actually does not work (I just tested it now).
If this instance is only supposed to be for you, you should also disabled registration in your gitea. the config option can be found in https://docs.gitea.com/next/administration/config-cheat-sheet#service-service and https://docs.cloudron.io/apps/gitea/ explains how to modify your gitea configuration.
Edit2: I could confirm that with the gitea signup url (/user/sign_up) it is indeed possible to create an account on your system.
-
I've also lost quite some time kicking accounts and repositories,
in the end I've combined some of the options below (don't forget the[service]section marker and also restart after the changes !)[service] DISABLE_REGISTRATION = True REGISTER_MANUAL_CONFIRM = True EMAIL_DOMAIN_ALLOWLIST = XX_your_domain_here_XX,cloudron.local DEFAULT_USER_IS_RESTRICTED = TrueIt's overkill if all are used at the same time, but depending on the needs and paranoia, it can be useful
-
I infogulch referenced this topic
-
+1 to "change the app so that the default is a disabled registration". I just had a big mess to clean up because of this. https://forum.cloudron.io/topic/14053/clean-up-external-users-that-have-accessed-gitea-instance
At the very least these configs should be mentioned in the admin checklist.
-
@girish could you please have a look at the suggestions here above about disabling registration by default to prevent spam?
-
Isn't it already false by default ? https://git.cloudron.io/packages/gitea-app/-/blob/master/app.ini.template?ref_type=heads#L78
@joseph said in Prevent external users joining gitea instance:
Isn't it already false by default ? https://git.cloudron.io/packages/gitea-app/-/blob/master/app.ini.template?ref_type=heads#L78
I believe the flag should be set to True not False to block spam
-
@joseph said in Prevent external users joining gitea instance:
Isn't it already false by default ? https://git.cloudron.io/packages/gitea-app/-/blob/master/app.ini.template?ref_type=heads#L78
I believe the flag should be set to True not False to block spam
Not sure what i was thinking... Which makes me wonder how come I didn't find any registration button .