Add user administration

[Joe136]

Hi,
I want to setup a self-hosted instance for a closed group of users. My current solution would be to hide it behind Basic-Auth but allowed users can still create random Accounts. Therefore I need an user administration, meaning only the admin can manage the users

• create new users; this can include the social-auth methods (e.g. confirm account).
• delete users
• block users (only disable login)
• no guest mode (Disable guest notes / require authentication #237)

Optional features could be

• custom names (independent of email-address/social-name) (Let guests choose their own name #268)
• user management with LDAP / PAM (Support LDAP auth #93)
  • store social-credentials in LDAP (Network, Username, ...)
• use login credentials from Basic-Auth

[jackycute]

PR welcome 😄

[Braintelligence]

I would be very happy about the ability to run hackmd self-hosted and private. I don't want everyone to be able to register and use hackmd on my server. Keep up the good work!

[k0nsl]

@Braintelligence: I agree. At the very least there should be a simple admin UI -- with ability to list all entries and most important of all: a toggle for enabling/disabling a registration feature (eg, an option to enable/disable feature such as registration, where we could have "Registration Required" for private or "Open Registration" for public).

[zeigerpuppy]

I agree, an option for disabling registration would be really useful.

[SISheogorath]

@zeigerpuppy, there is already a option to disable the registration: HMD_ALLOW_EMAIL_REGISTER

Simply set it to false.

[rriemann]

I have another idea:

Couldn't there be a setting ENFORCE_EMAIL_DOMAIN=test.local which allows only mail addresses of this domain to register?

[ccoenen]

@rriemann's proposal would probably solve most corporate-self-hosted use cases.

[SISheogorath]

Should be easy to manage. You can add an option for that here:

https://github.com/hackmdio/hackmd/blob/8ea09a8bd0a093a802a3fcb2fdac40935fa92f9e/lib/web/auth/email/index.js#L34-L45

And of course in the config directory:
https://github.com/hackmdio/hackmd/tree/master/lib/config

PRs are welcome 😄

[rriemann]

I think this is really do-able. Unfortunately, I am still stack with getting SSL to work and have to dig into that first. So I hope someone else may be able to step up to solve this already in 2017.

[SISheogorath]

I just want to add some information to this issue:

Thanks to @Nebukadneza's work it's now possible to basically manage email users.

Also it's possible to use an LDAP and SAML backend if you like. From my perspective LDAP or SAML are the better way for closed group setups, since they are stable and actually made for this, while the "local user" feature still feels half-backed and HackMD not designed for it.

We also introduced the possibility to disable the creation of notes by guests while keeping the ability to edit notes, which is maybe useful for these closed group setup when people like to share the pad with some 3rd party.

I want to mention, that HackMD EE has already added and entire user management.

CE will also get one but it probably needs some time, as everything is build during our free time and actually from my side it doesn't have such a focus on it as I disabled all local user management for HackMD on my instances.

Help is really wanted for this, so feel free to discuss, draft and file a PR for it!

[ccoenen]

i took the liberty of correcting a tiny but critical typo in your message, @SISheogorath ("not possible" -> "now possible")

[SISheogorath]

👍 Thanks, this was an important fix! I should maybe re-read my texts one more time ^^

[jaswanth098]

Hello, Everyone, I have supported allowedDomains for google OAuth
Please check this out and let me know how should I handle the case where some other domain is trying to login. Right now I'm just displaying a string Domain not allowed
ref: jaswanth098#1