Change registrations to be disabled by default for new servers (#29280)

2024-02-22 14:28:19 +01:00 · 2024-02-22 14:28:19 +01:00 · b71904816a
commit b71904816a
parent 491dd97642
6 changed files with 23 additions and 2 deletions
--- a/app/javascript/packs/admin.jsx
+++ b/app/javascript/packs/admin.jsx
@ -145,6 +145,10 @@ Rails.delegate(document, '#form_admin_settings_enable_bootstrap_timeline_account
 const onChangeRegistrationMode = (target) => {
  const enabled = target.value === 'approved';

+  [].forEach.call(document.querySelectorAll('.form_admin_settings_registrations_mode .warning-hint'), (warning_hint) => {
+    warning_hint.style.display = target.value === 'open' ? 'inline' : 'none';
+  });
+
  [].forEach.call(document.querySelectorAll('#form_admin_settings_require_invite_text'), (input) => {
    input.disabled = !enabled;
    if (enabled) {
--- a/app/views/admin/settings/registrations/show.html.haml
+++ b/app/views/admin/settings/registrations/show.html.haml
@ -10,9 +10,11 @@

  %p.lead= t('admin.settings.registrations.preamble')

+  .flash-message= t('admin.settings.registrations.moderation_recommandation')
+
  .fields-row
    .fields-row__column.fields-row__column-6.fields-group
-      = f.input :registrations_mode, collection: %w(open approved none), wrapper: :with_label, include_blank: false, label_method: ->(mode) { I18n.t("admin.settings.registrations_mode.modes.#{mode}") }
+      = f.input :registrations_mode, collection: %w(open approved none), wrapper: :with_label, include_blank: false, label_method: ->(mode) { I18n.t("admin.settings.registrations_mode.modes.#{mode}") }, warning_hint: I18n.t('admin.settings.registrations_mode.warning_hint')

    .fields-row__column.fields-row__column-6.fields-group
      = f.input :require_invite_text, as: :boolean, wrapper: :with_label, disabled: !approved_registrations?
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -767,6 +767,7 @@ en:
        disabled: To no one
        users: To logged-in local users
      registrations:
+        moderation_recommandation: Please make sure you have an adequate and reactive moderation team before you open registrations to everyone!
        preamble: Control who can create an account on your server.
        title: Registrations
      registrations_mode:
@ -774,6 +775,7 @@ en:
          approved: Approval required for sign up
          none: Nobody can sign up
          open: Anyone can sign up
+        warning_hint: We recommend using “Approval required for sign up” unless you are confident your moderation team can handle spam and malicious registrations in a timely fashion.
      security:
        authorized_fetch: Require authentication from federated servers
        authorized_fetch_hint: Requiring authentication from federated servers enables stricter enforcement of both user-level and server-level blocks. However, this comes at the cost of a performance penalty, reduces the reach of your replies, and may introduce compatibility issues with some federated services. In addition, this will not prevent dedicated actors from fetching your public posts and accounts.
--- a/config/settings.yml
+++ b/config/settings.yml
@ -9,7 +9,7 @@ defaults: &defaults
  site_terms: ''
  site_contact_username: ''
  site_contact_email: ''
-  registrations_mode: 'open'
+  registrations_mode: 'none'
  profile_directory: true
  closed_registrations_message: ''
  timeline_preview: true
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@ -23,6 +23,12 @@ RSpec.configure do |config|
  config.before :suite do
    Rails.application.load_seed
    Chewy.strategy(:bypass)
+
+    # NOTE: we switched registrations mode to closed by default, but the specs
+    # very heavily rely on having it enabled by default, as it relies on users
+    # being approved by default except in select cases where explicitly testing
+    # other registration modes
+    Setting.registrations_mode = 'open'
  end

  config.after :suite do
--- a/spec/support/streaming_server_manager.rb
+++ b/spec/support/streaming_server_manager.rb
@ -102,6 +102,13 @@ RSpec.configure do |config|
    self.use_transactional_tests = false

    DatabaseCleaner.cleaning do
+      # NOTE: we switched registrations mode to closed by default, but the specs
+      # very heavily rely on having it enabled by default, as it relies on users
+      # being approved by default except in select cases where explicitly testing
+      # other registration modes
+      # Also needs to be set per-example here because of the database cleaner.
+      Setting.registrations_mode = 'open'
+
      example.run
    end