From 95808a3cfde46bdfd345de21d44a222051cf71ba Mon Sep 17 00:00:00 2001 From: Gergely Nagy Date: Tue, 28 May 2024 08:53:31 +0200 Subject: [PATCH 1/3] install: Make "Disable self-registration" more prominent Having an instance with open registration requires work, otherwise it will be overrun by spammers of all kinds. Yet, the setting to disable open registration on the installation page is hidden behind "optional settings", a place hardly anyone ever looks. To improve the situation, lift the setting out of that, and place it more prominently, just above the update checker setting. Partially addresses #3925. Signed-off-by: Gergely Nagy --- templates/install.tmpl | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/templates/install.tmpl b/templates/install.tmpl index 682e1e6511..6e537d2477 100644 --- a/templates/install.tmpl +++ b/templates/install.tmpl @@ -147,6 +147,12 @@ {{ctx.Locale.Tr "install.log_root_path_helper"}} +
+
+ + +
+
@@ -227,12 +233,6 @@
-
-
- - -
-
From 9fc61cae484d4a7ec493b99d49d9a702ecadb28f Mon Sep 17 00:00:00 2001 From: Gergely Nagy Date: Tue, 28 May 2024 08:57:30 +0200 Subject: [PATCH 2/3] install: Force DisableRegistration on during install When installing Forgejo via the on-line installer, force DisableRegistration to true, to discourage creating instances with open registration. Because open registration requires constant vigil to fight off spammers of all kinds, it is not a great default. It should be a conscious decision. This change is made in an effort to make the choice of running an instance with open registration a conscious choice, rather than simply the default. Partially addresses #3925. Signed-off-by: Gergely Nagy --- routers/install/install.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/routers/install/install.go b/routers/install/install.go index b84d77cfc2..8f4fafa6f5 100644 --- a/routers/install/install.go +++ b/routers/install/install.go @@ -151,7 +151,7 @@ func Install(ctx *context.Context) { form.EnableOpenIDSignIn = setting.Service.EnableOpenIDSignIn form.EnableOpenIDSignUp = setting.Service.EnableOpenIDSignUp - form.DisableRegistration = setting.Service.DisableRegistration + form.DisableRegistration = true // Force it to true, for the installation, to discourage creating instances with open registration, which invite all kinds of spam. form.AllowOnlyExternalRegistration = setting.Service.AllowOnlyExternalRegistration form.EnableCaptcha = setting.Service.EnableCaptcha form.RequireSignInView = setting.Service.RequireSignInView From 6b24a7919d7acef931c62f0bc6f3678c150c3836 Mon Sep 17 00:00:00 2001 From: Gergely Nagy Date: Fri, 31 May 2024 08:21:55 +0200 Subject: [PATCH 3/3] Add a release note about the previous changes Signed-off-by: Gergely Nagy --- release-notes/8.0.0/3934.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 release-notes/8.0.0/3934.md diff --git a/release-notes/8.0.0/3934.md b/release-notes/8.0.0/3934.md new file mode 100644 index 0000000000..d6e7dd63e7 --- /dev/null +++ b/release-notes/8.0.0/3934.md @@ -0,0 +1 @@ +When installing Forgejo through the built-in installer, open (self-) registration is now disabled by default.