Disable User Account Creation
Contents
- Disable User Account Creation
- Solution for 1.9
- Solution for 1.9 to only allow superusers to create new accounts
- Solution for 1.7 and 1.8
- Solution for 1.6
- Solution for 1.5
- The clean solution
- The quick & dirty solution
- Another solution
- Another simple workaround (tested in release 1.5.6)
- Related Issues
- Discussion
Generally wiki's appear as public places where many people can collaborate. However, disabling user creation can be helpful.
Disabling user account creation is helpful when:
- Setting up a personal wiki (Only the owner should have a login)
- Authenticating against LDAP / Active Directory. (No need for new accounts)
Create an option to disable new user creation. Possibly allow only the admin the rights to create users.
This feature would be useful to users who want to run a personal wiki. Moinmoin is a great wiki and many (like me) would like to choose it for a personal wiki, however this feature is missing.
It should be noted that currently there's a very easy way to accomplish that, but it's not optimal and a better solution (integrated in the interface or in the wikiconfig.py file) should be made.
Solution for 1.9
Disable the 'newaccount' action by adding it to 'actions_excluded' in your wiki's config:
# stop new accounts being created
import MoinMoin.config.multiconfig # if not already included in your config file
actions_excluded = MoinMoin.config.multiconfig.DefaultConfig.actions_excluded + ['newaccount']You will get the message "unknown action newaccount" when trying to make a new account.
Solution for 1.9 to only allow superusers to create new accounts
Create a new authentication class MyAuth (myauth.py) derived from MoinAuth where there is no link in the login form to the newaccount action (line 12 from MoinAuth is commented out).
1 from MoinMoin import log 2 logging = log.getLogger(__name__) 3 4 from MoinMoin.auth import BaseAuth, GivenAuth, MoinAuth 5 from MoinMoin import user, wikiutil 6 7 class MyAuth(MoinAuth): 8 """ handle login from moin login form """ 9 10 def login_hint(self, request): 11 _ = request.getText 12 #userprefslink = request.page.url(request, querystr={'action': 'newaccount'}) 13 sendmypasswordlink = request.page.url(request, querystr={'action': 'recoverpass'}) 14 return _('<a href="%(sendmypasswordlink)s">Password vergessen?</a>') % { 15 'sendmypasswordlink': sendmypasswordlink}
- use the new Class in your wikiconfig
from MoinMoin.auth.myauth import MyAuth auth = [MyAuth()]
Overwrite the newaccount action with your own and copy newaccount.py in your plugin_dirs and allow only superusers to execute the action.
Changes in the newaccount (newaccount.py) action beginning from line 166:or alternatively, if e.g only users from AdminGroup are allowed to add users:
- Create a wiki page with the new newaccount action and try out with some accounts (superuser and "normal" user).
<<Action(newaccount)>>
Solution for 1.7 and 1.8
Disable the 'newaccount' action by adding it to 'actions_excluded' in your wiki's config:
# stop new accounts being created
actions_excluded = DefaultConfig.actions_excluded + ['newaccount']
Workaround to only allow trusted people to add new users
Configure your wiki as above. The idea is to set up another restricted instance of the wiki using the same user_dir which doesn't exclude 'newaccount'.
Lazy Config
newaccount-mywiki.py
from mywikiconfigfilename import Config as MainConfig
class Config(MainConfig)
actions_excluded = ['recoverpass']
#Overwrites ['newaccount']. Stops password requests which would include url of newaccount-wiki.
#data_dir and user_dir inherited(It might be sensible to exclude all actions that can change non-user data.) You then need to update wikis in farmconfig.py or similar and configure your webserver - If you're using Apache you probably need a ScriptAlias/ReWriteRule and mod_auth_digest, Allow or similar to secure it. -- Ro 2009-02-03 01:53:07
Solution for 1.6
- Create your first and only user
Edit your wiki's userform.py ex: /usr/local/share/lib/python2.5/site-packages/MoinMoin
Change this:
if newuser:
if not password:
return _("Please specify a password!", formatted=False)
pw_checker = self.request.cfg.password_checker
if pw_checker:
pw_error = pw_checker(theuser.name, password)
if pw_error:
return _("Password not acceptable: %s", formatted=False) % pw_errorto this:
if newuser:
return _("New User Account Creation Disabled.", formatted=False)
# if not password:
# return _("Please specify a password!", formatted=False)
# pw_checker = self.request.cfg.password_checker
# if pw_checker:
# pw_error = pw_checker(theuser.name, password)
# if pw_error:
# return _("Password not acceptable: %s", formatted=False) % pw_errorOptional: comment out the create button in MoinMoin/userform.py.
note: it's quick and not so dirty, however, it would be much nicer if we could set a simple option in our wiki instance's wikiconfig.py, and put an IF above instead of simply breaking the program flow with a RETURN.
shared wiki note: because this change is happening in the system wide MoinMoin files, this will essentially disable newuser on ALL sites using that file.
Solution for 1.5
- Create your first and only user
Edit your wiki's userform.py ex: /usr/local/share/lib/python2.5/site-packages/MoinMoin
Change this:
if (form.has_key('create') or
form.has_key('create_only') or
form.has_key('create_and_mail')):
if self.request.request_method != 'POST':
return _("Use UserPreferences to change your settings or create an account.")to this:
if (form.has_key('create') or
form.has_key('create_only') or
form.has_key('create_and_mail')):
return _("User registration is disabled.")
if self.request.request_method != 'POST':
return _("Use UserPreferences to change your settings or create an account.")In other words add the line: return _("User registration is disabled.") after the if statement.
I have only tested this with 1.5.9 but I'm hoping all previous 1.5 versions contain similar code.
The clean solution
- Create your first and only user
Add an action named userform.py in your wiki plugin/action/ directory
Optional: comment out the create button in MoinMoin/userform.py.
Tested with 1.5.2
For 1.6.0 try this version:
The quick & dirty solution
chmod -w <yourwiki>/data/user
That will prevent new users being created, but will also throw an exception error if you try to create one. That exception can be handled easily in the code. Just edit the file .../lib/python2.x/site-packages/MoinMoin/userform.py and change the line:
# save data theuser.save()
to look like:
# save data
try:
theuser.save()
except IOError:
return _("User registration is disabled")and a nice message will be shown in the page stating that user creation is disabled. But it will only show the message after the user have filled the form of user creation and tried to submit it (which is not optimal, as said).
If you need to create a new user, or need to let a new user registrate himself in, just chmod +w the user dir, and after chmod -w it again.
this does prevent users to change theire settings too.
Another solution
I'm not an expert on Moin and not a good programmer at all - so there are certainly better, cleaner solutions for that.
![/!\](/moin_static19/modernized/img/alert.png "/!\"){kind=small}
Solution is to use acls, wikiconfig has no option for this at the moment and I am not sure if it could be done easily from there. It should be easy for fcgi server too.
In wikiconfig.py I granted myself all rights, visitors are only allowed to read
acl_rights_before = u"OliverSiemoneit:read,write,delete,revert,admin" acl_rights_default = u"All:read"
Then I openend in underlay/pages/userpreferences/revisions the file 000001 with some texteditor and changed the acls there
#acl MoinPagesEditorGroup:read,write,delete,revert OliverSiemoneit:read All:
you do have set the admin acl right so you can do this from the browser window too. Of course in a new revision but then you are able to change it again. May be you should add at least that macro SendAccountMail.py from FeatureRequests/LoginHintToSendPasswordonlyWithoutUserCreation to a page and add it to the navi_bar otherwise it could be fanny to tell a user his password. This page has to get the acl rights read for All.
Instead of acl_rights_default = u"All:read" you should set up a UserGroup in the wiki and do add there all users who should be able to read and then set acl_rights_default = u"UserGroup:read" So you can add in the wiki the users or remove some. Of course you could have much more groups and you could add a whole group to UserGroup. May be the parser SortText from ParserMarket/SortText could be usefull if it becomes a large list.
users could be created then from the moin command. May be this patch is interesting too FeatureRequests/MoinSendMailAndCreateShouldCreateAlwaysAPassword
Check FixLeaks (may be some 3rd party plugins need changes too)
some more hints on ReimarBauer/ModeratedWikiRules too
That worked for me - but I haven't spent a lot of thoughts on the pros and cons of this "ugly" solution. Some problems might be: If you've installed different language packets you have to make sure to change the acls on the according "userpreferences pages" either to have no backdoors for account creation. Also creation of new user accounts is a problem. Or to make it more clear: it's not possible anymore. As OliverSiemoneit I can read the UserPreferences page, but entering a new username and pwd changes the existing account and does not create a new one (Question: does this behaviour make sense, i.e. renaming the existing account rather than creating a new one?). -- OliverSiemoneit 2006-11-11 19:02:06
Another simple workaround (tested in release 1.5.6)
Although it appears (thanks to OliverSiemoneit's excellent work and patches on this topic submitted to FeatureRequests) that in an upcoming MoinMoin release soon the situation in this regard will be much improved, I thought it was still worth it in the meantime to post the simple method I'm currently using. This is only meaningful if anonymous users can't write pages, but I expect that's the case anyway if you're trying to disable user creation.
Simply comment out the indicated line in userform.py (this snippet is from MoinMoin-1.5.6:
else: # not logged in
# Login / register interface
buttons = [
# IMPORTANT: login should be first to be the default
# button when a user hits ENTER.
#('login', _('Login')), # we now have a Login macro
('create', _('Create Profile')), ###### COMMENT OUT THIS ONE
('cancel', _('Cancel')),
]and then on some page (whose access you control), add a [[UserPreferences(createonly)]] macro. Now as far as I can see only users who have the ability to read the page you've made, or write any page (to add such a macro) can create users. -- GlenWhitney 2007-1-12
Related Issues
Patch for FeatureRequests/MakeInvitations which allows a wikiadmin to invite users to participate in a wiki, i.e. to create an account and sent them their login and password and a link for login. This feature is especially helpful if you have user creation disabled in non-public wikis or in wikis you want to controll who participates..
Discussion
May be it is a good idea to collect a bit more here and afterwards we could create from that a nice Howto page 
-- ReimarBauer 2006-11-11 20:01:04