Server: Making it possible to invite friends & family (but not the whole world) to create an account

This would be something that should be implemented in an own app such as the registration app. I'd recommend asking on https://help.nextcloud.com/ whether someone has interest but like the registration app this doesn't seem to be core of Nextcloud.

To be honest I don't see why this should be implement in a seperate app and not in core; it is just another (I would say more admin-friendly) method of registering new users, compared to the current method already present in core.
Core already allows you to add an account by making a username and password, why wouldn't it let you create an account by entering an emailaddress. It's not quite a 'feature' as a 'Calendar' or 'Mail', rather a very basic admin option?

I would just like to add my support for this feature.

Since the default install supports more than one individual via multiple accounts it must be an intended function. Using the user management features requires the admin knowing each user's password (or relying on each to change it). This results in a bad situation for both parties. A simple URL invite that could be shared through any channel would be a more private and secure method of allowing users to create their account.

I can understand it not being a priority but I really do believe it belongs in core. Thanks.

I wish to have this feature, too.
Every time i add a new user i think "mail invite would be nice".
I hope we'll get this feature some day.

I agree, my company started using NextCloud, and wanted to allow for easy user registration when a client needs access to our cloud, by simply sending an email through the system. Or simply having the user request it them self and letting them register, removing the IT department and creating a self-serve environment.

This would be nice to have.

Yes this is pretty much an essential for our needs. I'd love to implement this as a secure file sharing solution for research data... but without the ability for users to invite others it's a no-go - while at the same time the registration app is too open with no ability to restrict to only approved users.

IMHO, this is part of nextcloud's main use case... with most nextcloud instances you will want to invite at least some users instead of micro-managing their creds, including transmittting passwords securely (which can be non-trivial depending on circumstances). i can only imagine the insecure ways creds are being passed around/reused right now because of the current limitation.

@LukasReschke why shouldn't this be in core? i would have thought it would be in scope from the beginning. also, from a security perspective, i think just about anything basic, having to do with user registration, should be implemented by core devs and get a look by you and any other security people. I typically won't enable any unoffical app having to do with critical core functions like user registration.
Thanks

update: someone posted the following and it works well enough for my needs. Thanks

"Set the Send email to new user-checkbox allows you to leave the Password field empty. The user will get an activation-email to set his own password."

https://docs.nextcloud.com/server/13/admin_manual/configuration_user/user_configuration.html#creating-a-new-user

The main issue I have with the registration app is users can register for the NextCloud instance if they know the registration URL. This is a really bad security. It's extremely hard for me to set up a user account because I have to create a dummy password, then send it to the user via email and walk them through how to change their password. Which causes issues if that email were to be intercepted, lost, etc.

I will also not install any unofficial app unless I can validate that it will not breach security. The downside is, I might have to move off of NextCloud due to its weak security with user registration. These features should be installed by default or at least available via an official app. I do not want a third-party creating a registration app for my server.

@LukasReschke Please take a second look at the user registration and security for NextCloud. It's a great web-based file server. It just lacks what I would think "common sense" for user registration and security.

Thank you for this hint. This is the solution i was looking for!

ChrisU

On 04.04.2018 13:12, Steffen Voß wrote:

"Set the Send email to new user-checkbox allows you to leave the
Password field empty. The user will get an activation-email to set his
own password."

https://docs.nextcloud.com/server/13/admin_manual/configuration_user/user_configuration.html#creating-a-new-user

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/nextcloud/server/issues/4359#issuecomment-378564405, or
mute the thread
https://github.com/notifications/unsubscribe-auth/AS0rhF5TErER5cY5bD5CDgAzkkhvf3Maks5tlKqRgaJpZM4M-nYK.

Its not the best solution since I want new users to choose their own username.