add possibility to turn off new registrations (#2017)

with LNBITS_ALLOW_NEW_ACCOUNTS=false

while keeping existing users functional (i.e. no allowlist for existing users)

.env.example

@@ -21,6 +21,9 @@ LNBITS_ADMIN_USERS=""
 # Extensions only admin can access
 LNBITS_ADMIN_EXTENSIONS="ngrok, admin"
 
+# Disable account creation for new users
+# LNBITS_ALLOW_NEW_ACCOUNTS=false
+
 # Enable Admin GUI, available for the first user in LNBITS_ADMIN_USERS if available
 # Warning: Enabling this will make LNbits ignore this configuration file. Your settings will
 # be stored in your database and you will be able to change them only through the Admin UI.

docs/guide/admin_ui.md

@@ -8,7 +8,7 @@ nav_order: 4
 Admin UI
 ========
 The LNbits Admin UI lets you change LNbits settings via the LNbits frontend.
-It is disabled by default and the first time you set the environment variable LNBITS_ADMIN_UI=true
+It is disabled by default and the first time you set the environment variable `LNBITS_ADMIN_UI=true`
 the settings are initialized and saved to the database and will be used from there as long the UI is enabled.
 From there on the settings from the database are used.
 
@@ -32,15 +32,18 @@ There is also the possibility of posting the super user via webhook to another s
 
 Admin Users
 ===========
-environment variable: LNBITS_ADMIN_USERS, comma-separated list of user ids
-Admin Users can change settings in the admin ui as well, with the exception of funding source settings, because they require e server restart and could potentially make the server inaccessable. Also they have access to all the extension defined in LNBITS_ADMIN_EXTENSIONS.
+environment variable: `LNBITS_ADMIN_USERS`, comma-separated list of user ids
+Admin Users can change settings in the admin ui as well, with the exception of funding source settings, because they require e server restart and could potentially make the server inaccessable. Also they have access to all the extension defined in `LNBITS_ADMIN_EXTENSIONS`.
 
 
 Allowed Users
 =============
-environment variable: LNBITS_ALLOWED_USERS, comma-separated list of user ids
+environment variable: `LNBITS_ALLOWED_USERS`, comma-separated list of user ids
 By defining this users, LNbits will no longer be usable by the public, only defined users and admins can then access the LNbits frontend.
 
+Setting this environment variable also disables account creation.
+Account creation can be also disabled by setting `LNBITS_ALLOW_NEW_ACCOUNTS=false`
+
 
 How to activate
 =============

lnbits/core/templates/core/index.html

@@ -3,6 +3,7 @@
 {% endblock %} {% block page %}
 <div class="row q-col-gutter-md justify-center">
   <div class="col-12 col-md-7 col-lg-6 q-gutter-y-md">
+    {% if lnurl or LNBITS_NEW_ACCOUNTS_ALLOWED %}
     <q-card>
       <q-card-section>
         {% if lnurl %}
@@ -14,7 +15,7 @@
           href="{{ url_for('core.lnurlwallet') }}?lightning={{ lnurl }}"
           v-text="$t('press_to_claim')"
         ></q-btn>
-        {% else %}
+        {% elif LNBITS_NEW_ACCOUNTS_ALLOWED %}
         <q-form @submit="createWallet" class="q-gutter-md">
           <q-input
             filled
@@ -33,6 +34,7 @@
         {% endif %}
       </q-card-section>
     </q-card>
+    {% endif %}
 
     <q-card>
       <q-card-section>

lnbits/core/views/api.py

@@ -172,7 +172,7 @@ async def api_create_wallet(
 
 @api_router.post("/api/v1/account", response_model=Wallet)
 async def api_create_account(data: CreateWallet) -> Wallet:
-    if len(settings.lnbits_allowed_users) > 0:
+    if not settings.new_accounts_allowed:
         raise HTTPException(
             status_code=HTTPStatus.BAD_REQUEST,
             detail="Account creation is disabled.",

lnbits/helpers.py

@@ -51,6 +51,7 @@ def template_renderer(additional_folders: Optional[List] = None) -> Jinja2Templa
     t.env.globals["LNBITS_THEME_OPTIONS"] = settings.lnbits_theme_options
     t.env.globals["LNBITS_QR_LOGO"] = settings.lnbits_qr_logo
     t.env.globals["LNBITS_VERSION"] = settings.version
+    t.env.globals["LNBITS_NEW_ACCOUNTS_ALLOWED"] = settings.new_accounts_allowed
     t.env.globals["LNBITS_ADMIN_UI"] = settings.lnbits_admin_ui
     t.env.globals["LNBITS_NODE_UI"] = (
         settings.lnbits_node_ui and get_node_class() is not None

lnbits/settings.py

@@ -35,6 +35,11 @@ class LNbitsSettings(BaseModel):
 class UsersSettings(LNbitsSettings):
     lnbits_admin_users: List[str] = Field(default=[])
     lnbits_allowed_users: List[str] = Field(default=[])
+    lnbits_allow_new_accounts: bool = Field(default=True)
+
+    @property
+    def new_accounts_allowed(self) -> bool:
+        return self.lnbits_allow_new_accounts and len(self.lnbits_allowed_users) == 0
 
 
 class ExtensionsSettings(LNbitsSettings):