Closed Bug 86029 Opened 23 years ago Closed 22 years ago

create permission restrictions for createaccount.cgi (prevent people from creating accounts)

Categories

(Bugzilla :: Administration, task, P3)

2.13

Tracking

RESOLVED FIXED
Bugzilla 2.18

People

(Reporter: timeless, Assigned: bugreport)


Attachments

(1 file)

How can I administer such that only the administrator can create user login
accounts?
Vanilla bugzilla allows anyone to create a login account.

The following possibilities should probably exist:
a. allow account creation based on email request
b. allow account creation by guests who are not logged in
c. allow account creation by people who are logged in and have some privilege

while enabling b doesn't make much sense, it might not be unreasonable to 
discourage people from creating multiple accounts.

c is probably what most people want. a is probably worthy of its own bug.

The specific privilege for C is probably the most interesting question, should 
it be something you can control by adding people to a group, or like a checkbox 
in edit users, or ...
At the moment there's just an "administrator" group.  I'm not convinced we need
a separate group for account creation.  A more useful middle-ground might be to
restrict the email addresses that can be registered through the normal account
creation process.
*** Bug 75042 has been marked as a duplicate of this bug. ***
You can already restrict the email addresses that can create accounts.  For
instance, if you only wanted people @netscape.com to be able to create accounts,
all you'd need to do is change the "emailregexp" param to:

^[^@, ]*@netscape\.com$
I said "restrict who can create accounts through the normal interface" not
"restrict who can have accounts".  AFAIK this currently can't be done.
*** Bug 87589 has been marked as a duplicate of this bug. ***
This is fairly important for a certain class of customer, so I'll move this to 2.16.
Priority: -- → P3
Target Milestone: --- → Bugzilla 2.16
-> Bugzilla product, Administration component, reassigning.
Assignee: tara → justdave
Component: Bugzilla → Administration
Product: Webtools → Bugzilla
Version: Bugzilla 2.13 → 2.13
If you just do not want new accounts to be created by sending an email,
you have to modify a single line in CGI.PL. So every account has to be created 
by users with the "create user" permission:

sub confirm_login {
    my ($nexturl) = (@_);

# Uncommenting the next line can help debugging...
#    print "Content-type: text/plain\n\n";

    ConnectToDatabase();
    # I'm going to reorganize some of this stuff a bit.  Since we're adding
    # a second possible validation method (LDAP), we need to move some of this
    # to a later section.  -Joe Robins, 8/3/00
    my $enteredlogin = "";
    my $realcryptpwd = "";
    if (defined $::FORM{"Bugzilla_login"} &&
        defined $::FORM{"Bugzilla_password"}) {

       $enteredlogin = $::FORM{"Bugzilla_login"};
       my $enteredpwd = $::FORM{"Bugzilla_password"};
       CheckEmailSyntax($enteredlogin);

       $realcryptpwd  = PasswordForLogin($::FORM{"Bugzilla_login"});

       if (defined $::FORM{"PleaseMailAPassword"}) {
         my $realpwd;
         if ($realcryptpwd eq "") {

>>>
#          $realpwd = InsertNewUser($enteredlogin, "");     
           $realpwd = "\n\no account created!\n\n please contact the webmaster";
<<<

         } else {
           SendSQL("select password from profiles where login_name = " .
                   SqlQuote($enteredlogin));
           $realpwd = FetchOneColumn();
         }
         print "Content-type: text/html\n\n";
         PutHeader("Password has been emailed");
         MailPassword($enteredlogin, $realpwd);
         PutFooter();
         exit;
       }
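Review bot: in the branch marked >>> ... <<<, the refusal text is stored in $realpwd and still reaches MailPassword($enteredlogin, $realpwd) under the "Password has been emailed" header, so an address with no account is still sent mail and the page reports success. Consider ending the request in that branch with an explicit error page instead of falling through to MailPassword, and keep the refusal message out of the variable that otherwise carries a password.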
We are currently trying to wrap up Bugzilla 2.16.  We are now close enough to
release time that anything that wasn't already ranked at P1 isn't going to make
the cut.  Thus this is being retargeted at 2.18.  If you strongly disagree with
this retargeting, please comment; however, be aware that we only have about 2
weeks left to review and test anything at this point, and we intend to devote
this time to the remaining bugs that were designated as release blockers.
Target Milestone: Bugzilla 2.16 → Bugzilla 2.18
Summary: create permission restrictions for createaccount.cgi → create permission restrictions for createaccount.cgi (prevent people from creating accounts)
*** Bug 140678 has been marked as a duplicate of this bug. ***
This should work as follows:

- have a parameter that contains the createemailregexp.
- some special value or another parameter will block creation entirely, removing
account creation links and locking off the CGI.
- if you try to create an account that matches emailregexp but not
createemailregexp it should give a message saying only administrators can create
an account with this address.
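
The behaviour proposed in the list above, combined with the emailregexp value quoted earlier in this bug, as an added example (not Bugzilla's code and not the attached patch). The parameter names come from the comments; the function name, the result strings, the sample values and the use of an empty createemailregexp as the "block creation entirely" value are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Decide what the self-service account-creation page should do for $login.
# Hypothetical helper: returns 'creation_disabled', 'invalid_address',
# 'admin_only' or 'allowed'.
sub self_registration_decision {
    my ($login, $params) = @_;
    my $account_re = $params->{emailregexp};        # who may hold an account
    my $create_re  = $params->{createemailregexp};  # who may self-register

    # Assumed special value: an empty createemailregexp locks the CGI.
    # Test it explicitly; in Perl a pattern that interpolates to the empty
    # string reuses the last successfully matched pattern.
    return 'creation_disabled' if !defined $create_re || $create_re eq '';

    # "$" also matches just before a trailing newline, so refuse control
    # characters first or "user\@netscape.com\n" would pass both regexps.
    return 'invalid_address'
        if !defined $login || $login =~ /[\x00-\x1f\x7f]/;

    return 'invalid_address' unless $login =~ /$account_re/;
    return 'admin_only'      unless $login =~ /$create_re/;
    return 'allowed';
}

# Constructed parameter values: createemailregexp is the pattern quoted in
# this bug, emailregexp is a looser pattern made up for the demonstration.
my %params = (
    emailregexp       => q{^[^@, ]+@[^@, ]+\.[^@, ]+$},
    createemailregexp => q{^[^@, ]*@netscape\.com$},
);

# Constructed sample logins.
for my $login ('dev@netscape.com', 'guest@example.org',
               "dev\@netscape.com\n", 'not an address') {
    (my $shown = $login) =~ s/\n/\\n/g;
    printf "%-22s => %s\n", $shown, self_registration_decision($login, \%params);
}

# Self-registration switched off entirely.
my %locked = (%params, createemailregexp => '');
printf "%-22s => %s\n", 'dev@netscape.com (locked)',
    self_registration_decision('dev@netscape.com', \%locked);
```

The 'admin_only' result is the case where the page would show the "only administrators can create an account with this address" message.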

Attached patch: The patch
Attachment #107661 - Flags: review?(justdave)
-->me
Assignee: justdave → bugreport
Comment on attachment 107661
The patch

r=burnus

user-error.html.tmpl
>+    
Nit: Remove those four spaces.
Attachment #107661 - Flags: review?(justdave) → review+
Status: NEW → ASSIGNED
Flags: approval?
Flags: approval? → approval+
checked in
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
QA Contact: matty_is_a_geek → default-qa