
Add admin setting to disable user registration - Complete #170

Bubka 2 лет назад
Сommit
4f81b30fcd

+ 6 - 0
app/Http/Controllers/Auth/RegisterController.php

@@ -2,11 +2,13 @@
 
 namespace App\Http\Controllers\Auth;
 
+use App\Facades\Settings;
 use App\Http\Controllers\Controller;
 use App\Http\Requests\UserStoreRequest;
 use App\Models\User;
 use Illuminate\Auth\Events\Registered;
 use Illuminate\Foundation\Auth\RegistersUsers;
+use Illuminate\Http\Response;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Log;
 
@@ -32,6 +34,10 @@ class RegisterController extends Controller
      */
     public function register(UserStoreRequest $request)
     {
+        if (Settings::get('disableRegistration') == true) {
+            return response()->json(['message' => 'forbidden'], Response::HTTP_FORBIDDEN);
+        }
+
         $validated = $request->validated();
 
         event(new Registered($user = $this->create($validated)));
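Review bot: The new check at the top of `register()` runs only after `UserStoreRequest` has been resolved, and Laravel validates a form request before the controller body executes, so with registration disabled an unauthenticated caller would still get 422 validation responses instead of the 403. If that request carries uniqueness rules (not visible in this hunk), the closed endpoint would keep revealing whether a name or email is already taken; enforcing the setting in a route middleware or in the request's `authorize()` method would reject the call before validation runs. The loose `== true` deserves a short comment naming which stored forms of the setting count as enabled, since a later switch to `===` would fail open if the facade ever returns `1` or `'1'` rather than a real boolean. The body of `register()` continues outside the hunk.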

+ 1 - 0
config/2fauth.php

@@ -69,6 +69,7 @@ return [
         'checkForUpdate' => true,
         'lastRadarScan' => 0,
         'latestRelease' => false,
+        'disableRegistration' => false,
     ],
 
     /*

+ 6 - 1
resources/js/views/auth/Login.vue

@@ -30,7 +30,7 @@
                 <p >{{ $t('auth.sign_in_using') }}&nbsp;
                     <a id="lnkSignWithWebauthn" role="button" class="is-link" @keyup.enter="toggleForm" @click="toggleForm" tabindex="0" :aria-label="$t('auth.sign_in_using_security_device')">{{ $t('auth.webauthn.security_device') }}</a>
                 </p>
-                <p class="mt-4">{{ $t('auth.forms.dont_have_account_yet') }}&nbsp;<router-link id="lnkRegister" :to="{ name: 'register' }" class="is-link">{{ $t('auth.register') }}</router-link></p>
+                <p v-if="this.$root.appSettings.disableRegistration == false" class="mt-4">{{ $t('auth.forms.dont_have_account_yet') }}&nbsp;<router-link id="lnkRegister" :to="{ name: 'register' }" class="is-link">{{ $t('auth.register') }}</router-link></p>
             </div>
         </form-wrapper>
         <!-- footer -->
@@ -178,6 +178,11 @@
                 clean: true
             })
             clearInterval(this.csrfRefresher);
+
+            if (this.$root.appSettings.disableRegistration && to.name == 'register') {
+                this.$router.push({name: 'genericError', params: { err: this.$t('errors.unauthorized_legend') } })
+            }
+
             next()
         }
     }
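Review bot: In the second hunk the guard calls `this.$router.push(...)` and then still falls through to the unconditional `next()`, so the navigation to `register` is confirmed while the redirect is being requested; handing the target to the guard callback, `return next({ name: 'genericError', params: { err: this.$t('errors.unauthorized_legend') } })`, would abort it cleanly. The guard sits in the login view, so it presumably covers only navigation that starts from this page, and a direct load of the register route would need the same check in the router or in the register view. Both the guard and the `v-if` on the link are presentation only; the server-side 403 is the actual enforcement. The opening lines of the guard are outside the hunk.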

+ 3 - 0
resources/js/views/settings/Options.vue

@@ -61,6 +61,8 @@
                         <version-checker></version-checker>
                         <!-- protect db -->
                         <form-checkbox v-on:useEncryption="saveSetting('useEncryption', $event)" :form="settingsForm" fieldName="useEncryption" :label="$t('settings.forms.use_encryption.label')" :help="$t('settings.forms.use_encryption.help')" />
+                        <!-- disable registration -->
+                        <form-checkbox v-on:disableRegistration="saveSetting('disableRegistration', $event)" :form="settingsForm" fieldName="disableRegistration" :label="$t('settings.forms.disable_registration.label')" :help="$t('settings.forms.disable_registration.help')" />
                     </div>
                 </form>
             </form-wrapper>
@@ -122,6 +124,7 @@
                 settings: {
                     useEncryption: null,
                     checkForUpdate: null,
+                    disableRegistration: null,
                 },
                 layouts: [
                     { text: this.$t('settings.forms.grid'), value: 'grid', icon: 'th' },

+ 4 - 0
resources/lang/en/settings.php

@@ -124,6 +124,10 @@ return [
             'label' => 'Remember group filter',
             'help' => 'Save the last group filter applied and restore it on your next visit',
         ],
+        'disable_registration' => [
+            'label' => 'Disable registration',
+            'help' => 'Prevent new user registration',
+        ],
         'never' => 'Never',
         'on_otp_copy' => 'On security code copy',
         '1_minutes' => 'After 1 minute',

+ 17 - 0
tests/Feature/Http/Auth/RegisterControllerTest.php

@@ -2,6 +2,7 @@
 
 namespace Tests\Feature\Http\Auth;
 
+use App\Facades\Settings;
 use App\Models\User;
 use Illuminate\Support\Facades\DB;
 use Tests\FeatureTestCase;
@@ -126,4 +127,20 @@ class RegisterControllerTest extends FeatureTestCase
 
         $this->assertEquals(1, User::admins()->count());
     }
+
+    /**
+     * @test
+     */
+    public function test_register_is_forbidden_when_registration_is_disabled()
+    {
+        Settings::set('disableRegistration', true);
+
+        $this->json('POST', '/user', [
+            'name'                  => self::USERNAME,
+            'email'                 => self::EMAIL,
+            'password'              => self::PASSWORD,
+            'password_confirmation' => self::PASSWORD,
+        ])
+        ->assertStatus(403);
+    }
 }
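Review bot: The new test asserts only the 403 status, so it would still pass if a user row were written before the response is returned; adding `$this->assertDatabaseMissing('users', ['email' => self::EMAIL]);` after the request would pin that (table name assumed from the `User` model). A second case that posts an invalid or already-registered payload while the setting is enabled would show whether the caller receives the 403 or a validation error first. The method also carries both the `@test` annotation and the `test_` prefix; one of the two is enough unless the rest of the class follows that convention.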