New options for Allow user signups - invite only

[GameBurrow]

Feature description

Currently Allow user signups has 2 options:

• Anyone
• Disabled

We need third option - Invite only. Only allow registration for users that actually got invited.

Why would it be useful?

Currently the only way to limit user registration is by domain only. That's useful for corporations/companies/businesses where all people use same emails, but for more casual use, where people cane have different email domains (for example I have a kube cluster that is shared by me and my close friends), I have to temporarely enable registrations, so I can invite those people, which I consider a security risk. Especially considering you can't fully delete users through UI in Free tier, if some random person starts user registration process, while I have it open, it's annoying.

Additional context

Strange thing is looking at old issue reports and forum posts, it seems like you had this feature using INVITE_ONLY_SIGNUP env flag but it got removed at one point? #1892

[kasyap1234]

@maidul98 I would like to work on this issue .

[sheensantoscapadngan]

Hey @GameBurrow! When the Allow user signups option is Disabled, your users should still be able to register to the organization by clicking the invite link sent via email upon org invitation. At the moment, they will have to go through the invitation link for registration to work as expected. Let me know if you have any additional questions!

[GameBurrow]

@sheensantoscapadngan

Hey. I tried it with 2 people. When they clicked the links, it just directed them to the login page. Both of them said that and tried their links myself, can confirm. Even tried to invitie myself with secondary email and same happens.

Link format was https://vault.sepaurg.eu/signupinvite?token=[redacted]&to=[redacted]&organization_id=[redacted]

[sheensantoscapadngan]

This is indeed a bug in the signup flow. I've raised a PR to address this here.

Thank you for reporting this and for the prompt response!

[vwbusguy]

Hey @GameBurrow! When the Allow user signups option is Disabled, your users should still be able to register to the organization by clicking the invite link sent via email upon org invitation. At the moment, they will have to go through the invitation link for registration to work as expected. Let me know if you have any additional questions!

This caused problems for us today in onboarding a new user. The invited user could not complete sign up until we enabled global sign up and then disabled it again once the user had completed sign in. We also had INVITE_ONLY_STARTUP set in our environment, so this was an unexpected breaking change for us. Currently (in v0.86.1), with Sign Up disabled, you can invite a user but that user will never be able to complete the sign in process, but will be stuck on the Sign Up page with a broken form.