- Full PWA support with offline capabilities
- Comprehensive search across songs, playlists, and channels
- Offline playlist manager with download tracking
- Pre-built frontend for zero-build deployment
- Docker-based deployment with docker compose
- Material-UI dark theme interface
- YouTube audio download and management
- Multi-user authentication support
# User Registration Policy

**Public Registration Status: DISABLED ❌**
Public user registration is disabled in SoundWave. This is a security feature for multi-tenant deployments.
## User Creation

### Admin-Only User Creation

Only administrators can create new user accounts through:

- **Django Admin Panel:** `http://localhost:8888/admin/user/account/add/`
- **REST API (Admin only):**

  ```
  POST /api/user/admin/users/
  {
    "username": "newuser",
    "email": "user@example.com",
    "password": "SecurePass123",
    "password_confirm": "SecurePass123",
    "storage_quota_gb": 50,
    "max_channels": 50,
    "max_playlists": 100,
    "is_admin": false,
    "is_active": true
  }
  ```
- **Frontend Admin Panel:**
  - Navigate to the Admin Users page
  - Click the "Create User" button
  - Fill in user details and resource quotas
### Django Management Command

Admins can also use Django management commands:

```
# Create an admin (superuser) account
python manage.py createsuperuser

# Or create a regular user from the Django shell
python manage.py shell
>>> from user.models import Account
>>> user = Account.objects.create_user(
...     username='john_doe',
...     email='john@example.com',
...     password='SecurePass123'
... )
>>> user.storage_quota_gb = 100
>>> user.max_channels = 75
>>> user.save()
```
## Attempted Public Registration

If someone attempts to access the registration endpoint:

**Request:**

```
POST /api/user/register/
{
  "username": "newuser",
  "email": "user@example.com",
  "password": "password123"
}
```

**Response (403 Forbidden):**

```
{
  "error": "Public registration is disabled",
  "message": "New users can only be created by administrators. Please contact your system administrator for account creation."
}
```
## Configuration

Registration policy is controlled in `config/user_settings.py`:

```
# Public registration disabled - only admins can create users
ALLOW_PUBLIC_REGISTRATION = False
```
### To Enable Public Registration (Not Recommended)

If you need to enable public registration for testing or specific use cases:

- Edit `config/user_settings.py` and set `ALLOW_PUBLIC_REGISTRATION = True`
- Implement registration logic in `user/views.py` (`RegisterView`)
- Add a frontend registration form (not included by default)
⚠️ Warning: Enabling public registration bypasses the multi-tenant security model and allows anyone to create accounts.
## Security Benefits

### Why Registration is Disabled
- Resource Control: Admins control who gets accounts and resource quotas
- Quality Control: Prevents spam accounts and abuse
- Multi-Tenancy: Each user is a "tenant" with isolated data
- Storage Management: Admins allocate storage based on needs
- Compliance: Controlled user base for compliance requirements
- Billing: Users can be tied to billing/subscription models
## Admin Capabilities
Admins have full control over:
- User creation and deletion
- Resource quotas (storage, channels, playlists)
- Account activation/deactivation
- 2FA reset
- Storage usage monitoring
- User permissions (admin/regular)
## User Onboarding Flow

### Recommended Process

1. **Request:** User requests an account via email/form
2. **Admin Review:** Admin reviews the request
3. **Account Creation:** Admin creates the account with appropriate quotas
4. **Credentials:** Admin sends credentials to the user securely
5. **First Login:** User logs in and changes the password
6. **2FA Setup:** User sets up 2FA (recommended)
### Example Onboarding Email

```
Welcome to SoundWave!

Your account has been created:
- Username: john_doe
- Temporary Password: [generated_password]

Storage Quota: 50 GB
Max Channels: 50
Max Playlists: 100

Please login and change your password immediately:
http://soundwave.example.com/

For security, we recommend enabling 2FA in Settings.

Questions? Contact: admin@example.com
```
## API Endpoints

### Public Endpoints (No Auth Required)

- `POST /api/user/login/` - User login
- `POST /api/user/register/` - Returns 403 (disabled)

### Authenticated Endpoints

- `GET /api/user/account/` - Get current user
- `POST /api/user/logout/` - Logout
- `GET /api/user/config/` - User settings

### Admin-Only Endpoints

- `GET /api/user/admin/users/` - List all users
- `POST /api/user/admin/users/` - Create new user
- `PATCH /api/user/admin/users/{id}/` - Update user
- `POST /api/user/admin/users/{id}/reset_storage/` - Reset storage
- `POST /api/user/admin/users/{id}/toggle_active/` - Activate/deactivate
## Password Requirements

When creating users, passwords must meet these requirements:

```
PASSWORD_MIN_LENGTH = 8
PASSWORD_REQUIRE_UPPERCASE = True
PASSWORD_REQUIRE_LOWERCASE = True
PASSWORD_REQUIRE_NUMBERS = True
PASSWORD_REQUIRE_SPECIAL = False  # Optional
```

Example valid passwords:

- `SecurePass123`
- `MyPassword1`
- `Admin2024Test`
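The following is an added example, not SoundWave's own code, that ties together three parts of this page: the `POST /api/user/admin/users/` payload from the "Admin-Only User Creation" section, the password policy from `config/user_settings.py`, and the temporary password an admin hands over in the onboarding email. The function names (`password_violations`, `admin_create_user`, `generate_temporary_password`), the `(status, body)` return shape and the caller dict are assumptions for illustration; the real project implements these as Django REST views and the `Account` model, which are not reproduced here.

```python
"""Added example (not SoundWave's own code): models the admin-only user
creation flow described on this page. Function names and the (status, body)
return shape are assumptions; the real views are Django REST views."""
import re
import secrets
import string

# Policy values copied from the page's config/user_settings.py listing.
PASSWORD_MIN_LENGTH = 8
PASSWORD_REQUIRE_UPPERCASE = True
PASSWORD_REQUIRE_LOWERCASE = True
PASSWORD_REQUIRE_NUMBERS = True
PASSWORD_REQUIRE_SPECIAL = False  # Optional

# Fields an admin may set on a new account (from the page's example payload).
# Anything else is rejected rather than silently written, so a caller cannot
# smuggle in attributes the API does not document.
ALLOWED_FIELDS = {"username", "email", "password", "password_confirm",
                  "storage_quota_gb", "max_channels", "max_playlists",
                  "is_admin", "is_active"}


def password_violations(password):
    """Return the list of policy rules the password fails (empty list = valid)."""
    problems = []
    if len(password) < PASSWORD_MIN_LENGTH:
        problems.append(f"at least {PASSWORD_MIN_LENGTH} characters")
    if PASSWORD_REQUIRE_UPPERCASE and not re.search(r"[A-Z]", password):
        problems.append("an uppercase letter")
    if PASSWORD_REQUIRE_LOWERCASE and not re.search(r"[a-z]", password):
        problems.append("a lowercase letter")
    if PASSWORD_REQUIRE_NUMBERS and not re.search(r"[0-9]", password):
        problems.append("a number")
    if PASSWORD_REQUIRE_SPECIAL and not re.search(r"[^A-Za-z0-9]", password):
        problems.append("a special character")
    return problems


def generate_temporary_password(length=16):
    """Onboarding helper (assumed, not the project's): a random temporary
    password that satisfies the policy above. Uses the secrets module
    (CSPRNG) and retries until every required character class is present."""
    alphabet = string.ascii_letters + string.digits
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not password_violations(candidate):
            return candidate


def admin_create_user(caller, payload):
    """Admin-only POST /api/user/admin/users/. Returns (HTTP status, body).
    `caller` is a dict with the authenticated user's flags (assumption)."""
    # Authorisation first: the page allows only is_admin or is_superuser accounts.
    if not (caller.get("is_admin") or caller.get("is_superuser")):
        return 403, {"error": "Admin privileges required"}
    unexpected = set(payload) - ALLOWED_FIELDS
    if unexpected:
        return 400, {"error": f"unknown fields: {sorted(unexpected)}"}
    for required in ("username", "email", "password", "password_confirm"):
        if not payload.get(required):
            return 400, {"error": f"{required} is required"}
    if payload["password"] != payload["password_confirm"]:
        return 400, {"error": "password and password_confirm do not match"}
    problems = password_violations(payload["password"])
    if problems:
        return 400, {"error": "password must contain " + ", ".join(problems)}
    # Quotas default to the values used in the page's example payload when
    # omitted; is_admin defaults to False so privilege is never granted by accident.
    account = {
        "username": payload["username"],
        "email": payload["email"],
        "storage_quota_gb": int(payload.get("storage_quota_gb", 50)),
        "max_channels": int(payload.get("max_channels", 50)),
        "max_playlists": int(payload.get("max_playlists", 100)),
        "is_admin": bool(payload.get("is_admin", False)),
        "is_active": bool(payload.get("is_active", True)),
    }
    # The password itself is never echoed back in the response body.
    return 201, account


if __name__ == "__main__":
    admin = {"username": "admin", "is_admin": True}
    request = {"username": "newuser", "email": "user@example.com",
               "password": "SecurePass123", "password_confirm": "SecurePass123",
               "storage_quota_gb": 50, "max_channels": 50, "max_playlists": 100,
               "is_admin": False, "is_active": True}
    print(admin_create_user(admin, request))
    print(admin_create_user({"username": "bob"}, request))
    print(password_violations("password123"))
    print(generate_temporary_password())
```

The ordering inside `admin_create_user` is the point: the admin check runs before any of the payload is inspected, the `password_confirm` comparison and policy check run before anything would be persisted, and the response omits the password. The temporary password helper is only for the hand-over step in the onboarding flow; the user is still expected to replace it at first login, as the email template says.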
## Future Enhancements
Potential features for user management:
- Invitation system (admin sends invite links)
- Approval workflow (users request, admin approves)
- Self-service password reset
- Email verification
- Account expiration dates
- Welcome email templates
- User onboarding wizard
- Bulk user import from CSV
- SSO/LDAP integration
- OAuth providers (Google, GitHub)
## Troubleshooting

### "Registration is disabled" error

**Cause:** Public registration is intentionally disabled.

**Solution:** Contact your system administrator to create an account.

### Cannot create users

**Cause:** The user is not an admin.

**Solution:** Only admin users (`is_admin=True` or `is_superuser=True`) can create users.

### How to create the first admin?

```
python manage.py createsuperuser
```

This creates the first admin, who can then create other users.
## Best Practices
- Strong Passwords: Enforce strong password requirements
- Enable 2FA: Require 2FA for admin accounts
- Audit Logs: Track user creation and modifications
- Resource Planning: Allocate quotas based on user needs
- Regular Review: Periodically review active users
- Offboarding: Deactivate accounts for departed users
- Backup: Regular database backups including user data
- Documentation: Keep user list and quotas documented