Add setting to disable registrations

A new services['auth'] setting is available.

DOCS/configuration.md

@@ -30,12 +30,13 @@ Pretty string sometimes prefixed to the service name. Can be empty.
 
 ### `services[]`
 
-Keys `reg`, `ns` and `ht` are required.
+Keys `auth`, `reg`, `ns` and `ht` are required.
 
 Values can be:
-* `enabled`: the service is provided as usual
-* `error`: the service is temporarily unavailable for maintenance/debugging
-* `disabled`: the service is ignored everywhere ; this installation never provides it
+* `enabled`: The service is provided as usual.
+* `no-registration` (`auth` only): Same as `enabled`, but no new account can be created.
+* `error`: For maintenance/debugging purposes, the service is temporarily unavailable. When used on the `auth` service, users can't submit any form, but this doesn't prevent already logged in SFTP users to act on the filesystem.
+* `disabled` (`reg`, `ns` and `ht` only): The service is ignored everywhere, this installation never provides it.
 
 ## `[dns]`
 

check.php

@@ -17,7 +17,7 @@ const LF = "\n";
 
 exec(CONF['dns']['kdig_path'] . ' torproject.org AAAA', $output, $return_code);
 if (preg_match('/^;; Flags: qr rd ra ad;/Dm', implode("\n", $output)) !== 1)
-	exit('Unable to do a DNSSEC-validated DNS query.');
+	exit('Unable to do a DNSSEC-validated DNS query.' . LF);
 
 if (CONF['common']['services']['ns'] === 'rest') {
 	echo 'a';

config.ini

@@ -5,6 +5,7 @@ public_domains[] = "servnest.test"
 prefix = ""
 service_name = "ServNest"
 service_emoji = "🪺"
+services[auth] = "enabled"
 services[reg] = "enabled"
 services[ns] = "enabled"
 services[ht] = "enabled"

locales/fr/C/LC_MESSAGES/messages.po

@@ -1,7 +1,7 @@
 msgid ""
 msgstr ""
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2023-05-02 19:17+0200\n"
+"POT-Creation-Date: 2023-05-10 01:29+0200\n"
 "Language: fr\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 
@@ -274,7 +274,7 @@ msgstr "Supprimer un accès"
 msgid "Delete an existing HTTP access from a subdirectory of the SFTP space"
 msgstr "Retirer un accès HTTP existant d'un sous-dossier de l'espace SFTP"
 
-#: router.php:136 view.php:39
+#: router.php:137 view.php:39
 msgid "This service is currently under maintenance. No action can be taken on it until an administrator finishes repairing it."
 msgstr "Ce service est en cours de maintenance. Aucune action ne peut être effectuée avant qu'ane administrataire termine de le réparer."
 
@@ -332,12 +332,12 @@ msgstr "Adresse IP malformée."
 msgid "Domain malformed."
 msgstr "Domaine malformé."
 
-#: fn/ns.php:40 pg-act/ns/edit.php:25
+#: fn/ns.php:31 pg-act/ns/edit.php:25
 #, php-format
 msgid "TTLs shorter than %s seconds are forbidden."
 msgstr "Les TTLs plus courts que %s secondes sont interdits."
 
-#: fn/ns.php:42 pg-act/ns/edit.php:27
+#: fn/ns.php:33 pg-act/ns/edit.php:27
 #, php-format
 msgid "TTLs longer than %s seconds are forbidden."
 msgstr "Les TTLs plus longs que %s secondes sont interdits."
@@ -371,7 +371,11 @@ msgstr "Clé de passe actuelle incorrecte."
 msgid "Password updated."
 msgstr "Clé de passe mise à jour."
 
-#: pg-act/auth/register.php:10 pg-act/auth/username.php:11
+#: pg-act/auth/register.php:4 pg-view/auth/register.php:3
+msgid "Registrations are currently closed on this installation."
+msgstr "Les inscriptions sont actuellement fermées sur cette installation."
+
+#: pg-act/auth/register.php:13 pg-act/auth/username.php:11
 msgid "This username is already taken."
 msgstr "Cet identifiant est déjà pris."
 
@@ -589,15 +593,16 @@ msgstr "L'identifiant interne du compte actuel est %s."
 msgid "New?"
 msgstr "Nouvele ?"
 
-#: pg-view/auth/login.php:1 pg-view/auth/register.php:14
+#: pg-view/auth/login.php:1 pg-view/auth/register.php:16
 msgid "Create an account"
 msgstr "Créer un compte"
 
-#: pg-view/auth/login.php:4 pg-view/auth/register.php:4 pg-view/ht/index.php:64
+#: pg-view/auth/login.php:4 pg-view/auth/register.php:6 pg-view/ht/index.php:64
 msgid "Username"
 msgstr "Identifiant"
 
-#: pg-view/auth/login.php:8 pg-view/auth/register.php:9 pg-view/ht/index.php:68
+#: pg-view/auth/login.php:8 pg-view/auth/register.php:11
+#: pg-view/ht/index.php:68
 msgid "Password"
 msgstr "Clé de passe"
 
@@ -618,7 +623,7 @@ msgstr "Mettre à jour la clé de passe"
 msgid "Already have an account?"
 msgstr "Déjà un compte ?"
 
-#: pg-view/auth/register.php:10
+#: pg-view/auth/register.php:12
 #, php-format
 msgid "Minimum %1$s characters, or %2$s characters if it contains lowercase, uppercase and digit."
 msgstr "Minimum %1$s caractères, ou %2$s caractères si elle contient minuscule, majuscule et chiffre."
@@ -652,7 +657,7 @@ msgstr "Un certificat Let's Encrypt sera obtenu."
 msgid "The domain must have the following records when the form is being processed."
 msgstr "Le domaine doit avoir les enregistrements suivant pendant le traitement du formulaire."
 
-#: pg-view/ht/add-dns.php:25 pg-view/ns/form.ns.php:8 pg-view/ns/print.php:32
+#: pg-view/ht/add-dns.php:29 pg-view/ns/form.ns.php:8 pg-view/ns/print.php:32
 #: pg-view/ns/zone-add.php:6 pg-view/reg/ds.php:8 pg-view/reg/glue.php:8
 #: pg-view/reg/glue.php:15 pg-view/reg/ns.php:8 pg-view/reg/print.php:2
 #: pg-view/reg/print.php:16 pg-view/reg/register.php:7
@@ -660,12 +665,12 @@ msgstr "Le domaine doit avoir les enregistrements suivant pendant le traitement
 msgid "Domain"
 msgstr "Domaine"
 
-#: pg-view/ht/add-dns.php:27 pg-view/ht/add-onion.php:2
+#: pg-view/ht/add-dns.php:31 pg-view/ht/add-onion.php:2
 #: pg-view/ht/add-subdomain.php:4 pg-view/ht/add-subpath.php:4
 msgid "Target directory"
 msgstr "Dossier ciblé"
 
-#: pg-view/ht/add-dns.php:36 pg-view/ht/add-onion.php:11
+#: pg-view/ht/add-dns.php:40 pg-view/ht/add-onion.php:11
 #: pg-view/ht/add-subdomain.php:13 pg-view/ht/add-subpath.php:13
 msgid "Setup access"
 msgstr "Créer l'accès"
@@ -753,36 +758,36 @@ msgstr "Configuration par <code>.htaccess</code>"
 msgid "You can change the way the HTTP server answers to requests in a directory by setting some directives in a file named <code>.htaccess</code> at the root of this directory. Only the following directives are allowed:"
 msgstr "Vous pouvez modifier la façon dont le serveur HTTP répond aux requêtes dans un dossier en indiquant des directives dans un fichier nommé <code>.htaccess</code> à la racine de ce dossier. Seules les directives suivantes sont autorisées&nbsp;:"
 
-#: pg-view/ht/index.php:161
+#: pg-view/ht/index.php:163
 msgid "Accounts capabilities"
 msgstr "Capacités des comptes"
 
-#: pg-view/ht/index.php:163
+#: pg-view/ht/index.php:165
 msgid "Testing"
 msgstr "De test"
 
-#: pg-view/ht/index.php:166 pg-view/ht/index.php:173
+#: pg-view/ht/index.php:168 pg-view/ht/index.php:175
 #, php-format
 msgid "%s of SFTP quota"
 msgstr "Quota SFTP de %s"
 
-#: pg-view/ht/index.php:166 pg-view/ht/index.php:173
+#: pg-view/ht/index.php:168 pg-view/ht/index.php:175
 msgid "<abbr title=\"gibibyte\">GiB</abbr>"
 msgstr "<abbr title=\"gibioctet\">Gio</abbr>"
 
-#: pg-view/ht/index.php:166 pg-view/ht/index.php:173
+#: pg-view/ht/index.php:168 pg-view/ht/index.php:175
 msgid "<abbr title=\"mebibyte\">MiB</abbr>"
 msgstr "<abbr title=\"mébioctet\">Mio</abbr>"
 
-#: pg-view/ht/index.php:167
+#: pg-view/ht/index.php:169
 msgid "Let's Encrypt certificate from the staging environment (not trusted by clients)"
 msgstr "Certificat Let's Encrypt de test (n'est pas reconnu par les clients)"
 
-#: pg-view/ht/index.php:170
+#: pg-view/ht/index.php:172
 msgid "Approved"
 msgstr "Approuvé"
 
-#: pg-view/ht/index.php:174
+#: pg-view/ht/index.php:176
 msgid "Stable Let's Encrypt certificates"
 msgstr "Vrai certificat Let's Encrypt"
 

locales/messages.pot

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2023-05-02 19:17+0200\n"
+"POT-Creation-Date: 2023-05-10 01:29+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -286,7 +286,7 @@ msgstr ""
 msgid "Delete an existing HTTP access from a subdirectory of the SFTP space"
 msgstr ""
 
-#: router.php:136 view.php:39
+#: router.php:137 view.php:39
 msgid "This service is currently under maintenance. No action can be taken on it until an administrator finishes repairing it."
 msgstr ""
 
@@ -344,12 +344,12 @@ msgstr ""
 msgid "Domain malformed."
 msgstr ""
 
-#: fn/ns.php:40 pg-act/ns/edit.php:25
+#: fn/ns.php:31 pg-act/ns/edit.php:25
 #, php-format
 msgid "TTLs shorter than %s seconds are forbidden."
 msgstr ""
 
-#: fn/ns.php:42 pg-act/ns/edit.php:27
+#: fn/ns.php:33 pg-act/ns/edit.php:27
 #, php-format
 msgid "TTLs longer than %s seconds are forbidden."
 msgstr ""
@@ -383,7 +383,11 @@ msgstr ""
 msgid "Password updated."
 msgstr ""
 
-#: pg-act/auth/register.php:10 pg-act/auth/username.php:11
+#: pg-act/auth/register.php:4 pg-view/auth/register.php:3
+msgid "Registrations are currently closed on this installation."
+msgstr ""
+
+#: pg-act/auth/register.php:13 pg-act/auth/username.php:11
 msgid "This username is already taken."
 msgstr ""
 
@@ -601,15 +605,16 @@ msgstr ""
 msgid "New?"
 msgstr ""
 
-#: pg-view/auth/login.php:1 pg-view/auth/register.php:14
+#: pg-view/auth/login.php:1 pg-view/auth/register.php:16
 msgid "Create an account"
 msgstr ""
 
-#: pg-view/auth/login.php:4 pg-view/auth/register.php:4 pg-view/ht/index.php:64
+#: pg-view/auth/login.php:4 pg-view/auth/register.php:6 pg-view/ht/index.php:64
 msgid "Username"
 msgstr ""
 
-#: pg-view/auth/login.php:8 pg-view/auth/register.php:9 pg-view/ht/index.php:68
+#: pg-view/auth/login.php:8 pg-view/auth/register.php:11
+#: pg-view/ht/index.php:68
 msgid "Password"
 msgstr ""
 
@@ -630,7 +635,7 @@ msgstr ""
 msgid "Already have an account?"
 msgstr ""
 
-#: pg-view/auth/register.php:10
+#: pg-view/auth/register.php:12
 #, php-format
 msgid "Minimum %1$s characters, or %2$s characters if it contains lowercase, uppercase and digit."
 msgstr ""
@@ -664,7 +669,7 @@ msgstr ""
 msgid "The domain must have the following records when the form is being processed."
 msgstr ""
 
-#: pg-view/ht/add-dns.php:25 pg-view/ns/form.ns.php:8 pg-view/ns/print.php:32
+#: pg-view/ht/add-dns.php:29 pg-view/ns/form.ns.php:8 pg-view/ns/print.php:32
 #: pg-view/ns/zone-add.php:6 pg-view/reg/ds.php:8 pg-view/reg/glue.php:8
 #: pg-view/reg/glue.php:15 pg-view/reg/ns.php:8 pg-view/reg/print.php:2
 #: pg-view/reg/print.php:16 pg-view/reg/register.php:7
@@ -672,12 +677,12 @@ msgstr ""
 msgid "Domain"
 msgstr ""
 
-#: pg-view/ht/add-dns.php:27 pg-view/ht/add-onion.php:2
+#: pg-view/ht/add-dns.php:31 pg-view/ht/add-onion.php:2
 #: pg-view/ht/add-subdomain.php:4 pg-view/ht/add-subpath.php:4
 msgid "Target directory"
 msgstr ""
 
-#: pg-view/ht/add-dns.php:36 pg-view/ht/add-onion.php:11
+#: pg-view/ht/add-dns.php:40 pg-view/ht/add-onion.php:11
 #: pg-view/ht/add-subdomain.php:13 pg-view/ht/add-subpath.php:13
 msgid "Setup access"
 msgstr ""
@@ -765,36 +770,36 @@ msgstr ""
 msgid "You can change the way the HTTP server answers to requests in a directory by setting some directives in a file named <code>.htaccess</code> at the root of this directory. Only the following directives are allowed:"
 msgstr ""
 
-#: pg-view/ht/index.php:161
+#: pg-view/ht/index.php:163
 msgid "Accounts capabilities"
 msgstr ""
 
-#: pg-view/ht/index.php:163
+#: pg-view/ht/index.php:165
 msgid "Testing"
 msgstr ""
 
-#: pg-view/ht/index.php:166 pg-view/ht/index.php:173
+#: pg-view/ht/index.php:168 pg-view/ht/index.php:175
 #, php-format
 msgid "%s of SFTP quota"
 msgstr ""
 
-#: pg-view/ht/index.php:166 pg-view/ht/index.php:173
+#: pg-view/ht/index.php:168 pg-view/ht/index.php:175
 msgid "<abbr title=\"gibibyte\">GiB</abbr>"
 msgstr ""
 
-#: pg-view/ht/index.php:166 pg-view/ht/index.php:173
+#: pg-view/ht/index.php:168 pg-view/ht/index.php:175
 msgid "<abbr title=\"mebibyte\">MiB</abbr>"
 msgstr ""
 
-#: pg-view/ht/index.php:167
+#: pg-view/ht/index.php:169
 msgid "Let's Encrypt certificate from the staging environment (not trusted by clients)"
 msgstr ""
 
-#: pg-view/ht/index.php:170
+#: pg-view/ht/index.php:172
 msgid "Approved"
 msgstr ""
 
-#: pg-view/ht/index.php:174
+#: pg-view/ht/index.php:176
 msgid "Stable Let's Encrypt certificates"
 msgstr ""
 

pg-act/auth/register.php

@@ -1,5 +1,8 @@
 <?php
 
+if (CONF['common']['services']['auth'] !== 'enabled')
+	output(403, _('Registrations are currently closed on this installation.'));
+
 checkPasswordFormat($_POST['password']);
 
 checkUsernameFormat($_POST['username']);

pg-view/auth/register.php

@@ -1,5 +1,7 @@
 <p><?= _('Already have an account?') ?> <a href="login"><?= _('Log in') ?></a></p>
 
+<?= (CONF['common']['services']['auth'] !== 'enabled') ? '<p><strong>' . _('Registrations are currently closed on this installation.') . '</strong></p>' : '' ?>
+
 <form method="post">
 	<label for="username"><?= _('Username') ?></label>
 	<br>
@@ -11,5 +13,6 @@
 	</details>
 	<input autocomplete="new-password" id="password" minlength="8" maxlength="1024" pattern="<?= PASSWORD_REGEX ?>" required="" name="password" type="password" placeholder="<?= PLACEHOLDER_PASSWORD ?>">
 	<br>
-	<input type="submit" value="<?= _('Create an account') ?>">
+	<input<?= (CONF['common']['services']['auth'] !== 'enabled') ? ' disabled=""' : '' ?> type="submit" value="<?= _('Create an account') ?>">
 </form>
+

pg-view/index.php

@@ -2,8 +2,8 @@
 	<dl>
 <?php
 
-foreach (array_merge(['auth' => 'enabled'], CONF['common']['services']) as $service => $status) {
-	if ($status !== 'enabled' AND $status !== 'error')
+foreach (CONF['common']['services'] as $service => $status) {
+	if ($status === 'disabled')
 		continue;
 ?>
 		<?= ($status === 'error') ? '<s>' : '' ?>

router.php

@@ -133,7 +133,7 @@ function displayFinalMessage($data) {
 }
 
 if ($_POST !== []) {
-	if (in_array(SERVICE, SERVICES_USER, true) AND CONF['common']['services'][SERVICE] !== 'enabled')
+	if (!in_array(CONF['common']['services']['auth'], ['enabled', 'no-registration'], true) OR (in_array(SERVICE, SERVICES_USER, true) AND CONF['common']['services'][SERVICE] !== 'enabled'))
 		output(503, _('This service is currently under maintenance. No action can be taken on it until an administrator finishes repairing it.'));
 
 	// Protect against cross-site request forgery if a POST request is received

view.php

@@ -35,7 +35,7 @@ echo str_repeat('</li></ul>', count(TITLES_LINEAGE));
 		<main>
 <?php
 
-if (in_array(SERVICE, SERVICES_USER, true) AND CONF['common']['services'][SERVICE] === 'error')
+if (CONF['common']['services']['auth'] === 'error' OR (in_array(SERVICE, SERVICES_USER, true) AND CONF['common']['services'][SERVICE] === 'error'))
 	echo '<p><strong>' . _('This service is currently under maintenance. No action can be taken on it until an administrator finishes repairing it.') . '</strong></p>';
 
 require ROOT_PATH . '/pg-view/' . PAGE_ADDRESS . '.php';