Prevent external users joining gitea instance
-
wrote on Jul 29, 2024, 1:42 PM last edited by
We have started getting random repositories / users appear in our gitea instance, eg "AccidentInjuryLawyers". Before that, we had a sofa company. It looks like spam, I have to keep deleting them. How to prevent such signups?
-
App Devwrote on Jul 29, 2024, 2:36 PM last edited by fbartels Jul 29, 2024, 2:41 PM
You have this "sign in with oauth" button on your Gitea which, allows anybody that has an account on gitea.com to login and create an account on your instance.
Edit: because of missing configuration that sign in button actually does not work (I just tested it now).
If this instance is only supposed to be for you, you should also disabled registration in your gitea. the config option can be found in https://docs.gitea.com/next/administration/config-cheat-sheet#service-service and https://docs.cloudron.io/apps/gitea/ explains how to modify your gitea configuration.
Edit2: I could confirm that with the gitea signup url (/user/sign_up) it is indeed possible to create an account on your system.
-
wrote on Aug 3, 2024, 11:43 AM last edited by
Thankyou! This fixed it up.
-
wrote on Aug 19, 2024, 9:17 AM last edited by SansGuidon Aug 20, 2024, 9:07 PM
I've also lost quite some time kicking accounts and repositories,
in the end I've combined some of the options below (don't forget the[service]section marker and also restart after the changes !)[service] DISABLE_REGISTRATION = True REGISTER_MANUAL_CONFIRM = True EMAIL_DOMAIN_ALLOWLIST = XX_your_domain_here_XX,cloudron.local DEFAULT_USER_IS_RESTRICTED = TrueIt's overkill if all are used at the same time, but depending on the needs and paranoia, it can be useful
