From 5e8ff5d892f367f9460657f6233189404eb09c6f Mon Sep 17 00:00:00 2001
From: Kevin Chung <kchung@ctfd.io>
Date: Tue, 13 Jun 2023 17:02:30 -0400
Subject: [PATCH] Rough implementation of user registration limit

---
 CTFd/auth.py                                    | 17 +++++++++++++++++
 CTFd/forms/config.py                            |  4 ++++
 .../admin/templates/configs/accounts.html       |  8 ++++++++
 3 files changed, 29 insertions(+)

diff --git a/CTFd/auth.py b/CTFd/auth.py
index 739558ea..870799f0 100644
--- a/CTFd/auth.py
+++ b/CTFd/auth.py
@@ -211,6 +211,14 @@ def register():
         valid_email = validators.validate_email(email_address)
         team_name_email_check = validators.validate_email(name)
 
+        num_users_limit = int(get_config("num_users", default=0))
+        num_users = Users.query.filter_by(banned=False, hidden=False).count()
+        if num_users_limit and num_users >= num_users_limit:
+            abort(
+                403,
+                description=f"Reached the maximum number of users ({num_users_limit}).",
+            )
+
         if get_config("registration_code"):
             if (
                 registration_code.lower()
@@ -490,6 +498,15 @@ def oauth_redirect():
 
             user = Users.query.filter_by(email=user_email).first()
             if user is None:
+                # Respect the user count limit
+                num_users_limit = int(get_config("num_users", default=0))
+                num_users = Users.query.filter_by(banned=False, hidden=False).count()
+                if num_users_limit and num_users >= num_users_limit:
+                    abort(
+                        403,
+                        description=f"Reached the maximum number of users ({num_users_limit}).",
+                    )
+
                 # Check if we are allowing registration before creating users
                 if registration_visible() or mlc_registration():
                     user = Users(
diff --git a/CTFd/forms/config.py b/CTFd/forms/config.py
index da6e00ec..4bdb3588 100644
--- a/CTFd/forms/config.py
+++ b/CTFd/forms/config.py
@@ -48,6 +48,10 @@ class AccountSettingsForm(BaseForm):
         widget=NumberInput(min=0),
         description="Max number of teams (Teams mode only)",
     )
+    num_users = IntegerField(
+        widget=NumberInput(min=0),
+        description="Max number of users",
+    )
     verify_emails = SelectField(
         "Verify Emails",
         description="Control whether users must confirm their email addresses before playing",
diff --git a/CTFd/themes/admin/templates/configs/accounts.html b/CTFd/themes/admin/templates/configs/accounts.html
index 756551a6..f67dd60d 100644
--- a/CTFd/themes/admin/templates/configs/accounts.html
+++ b/CTFd/themes/admin/templates/configs/accounts.html
@@ -46,6 +46,14 @@
 			</small>
 		</div>
 
+		<div class="form-group">
+			{{ form.num_users.label }}
+			{{ form.num_users(class="form-control", value=num_users) }}
+			<small class="form-text text-muted">
+				{{ form.num_users.description }}
+			</small>
+		</div>
+
 		<div class="form-group">
 			{{ form.team_disbanding.label }}
 			{{ form.team_disbanding(class="form-control", value=team_disbanding) }}