Prevent external users joining gitea instance
-
We have started getting random repositories / users appear in our gitea instance, eg "AccidentInjuryLawyers". Before that, we had a sofa company. It looks like spam, I have to keep deleting them. How to prevent such signups?
-
You have this "sign in with oauth" button on your Gitea which, allows anybody that has an account on gitea.com to login and create an account on your instance.
Edit: because of missing configuration that sign in button actually does not work (I just tested it now).
If this instance is only supposed to be for you, you should also disabled registration in your gitea. the config option can be found in https://docs.gitea.com/next/administration/config-cheat-sheet#service-service and https://docs.cloudron.io/apps/gitea/ explains how to modify your gitea configuration.
Edit2: I could confirm that with the gitea signup url (/user/sign_up) it is indeed possible to create an account on your system.
-
I've also lost quite some time kicking accounts and repositories,
in the end I've combined some of the options below (don't forget the[service]
section marker and also restart after the changes !)[service] DISABLE_REGISTRATION = True REGISTER_MANUAL_CONFIRM = True EMAIL_DOMAIN_ALLOWLIST = XX_your_domain_here_XX,cloudron.local DEFAULT_USER_IS_RESTRICTED = True
It's overkill if all are used at the same time, but depending on the needs and paranoia, it can be useful