Issue #13 - [FEATURE] Add Feature Flags to Disable Temporary Users and User Signup

[rogelio-cmj]

Motivation

Administrators need the ability to control user access to the platform by disabling temporary user creation and new user signups. This is critical for production environments where organizations want to restrict access to existing users only, prevent anonymous temporary accounts, or temporarily close registration during maintenance or security incidents. Without these controls, administrators cannot enforce access policies or manage user onboarding according to their organizational requirements.

Current Behavior

The system currently allows both temporary user creation and new user signups without any administrative controls. When users visit the platform, they can either create temporary accounts automatically or sign up for permanent accounts through the registration interface. There is no mechanism for administrators to disable these features based on their operational needs.

Reproduction Steps:

1. Navigate to the Puter platform homepage without being logged in
2. Observe that a temporary user account is automatically created
3. Navigate to the signup page
4. Complete the signup form with valid credentials
5. Observe that a new permanent user account is successfully created
6. Expected: Administrators should be able to disable either or both of these behaviors through configuration

Expected Behavior

Administrators should be able to configure feature flags that control temporary user creation and user signup functionality. When these flags are enabled, the system should prevent the respective operations and return appropriate error messages to users attempting those actions. The feature flags should be configurable through the backend configuration and properly integrated with the existing FeatureFlagService architecture.

Acceptance Criteria:

• A temp-users-disabled feature flag can be configured to prevent temporary user creation
• A user-signup-disabled feature flag can be configured to prevent new user signups
• When temporary users are disabled, requests to create temp users return a 403 status with an appropriate error message
• When user signup is disabled, requests to sign up return a 403 status with an appropriate error message
• Both feature flags can be enabled simultaneously, and the system handles this scenario correctly with an appropriate combined error message

Steps To Test

1. Test with both flags disabled (default behavior):

   • Visit the platform homepage and verify a temporary user is created automatically
   • Navigate to the signup page and create a new account
   • Verify both operations succeed

2. Test with temp users disabled:

   • Set disable_temp_users: true in the backend configuration
   • Restart the backend service
   • Visit the platform homepage
   • Verify that no temporary user is created and an appropriate error is shown
   • Verify that regular signup still works

3. Test with user signup disabled:

   • Set disable_user_signup: true in the backend configuration
   • Restart the backend service
   • Attempt to sign up through the registration interface
   • Verify the signup request returns a 403 error with message "User signup is disabled."
   • Verify existing users can still log in

4. Test with both flags enabled:

   • Enable both disable_temp_users and disable_user_signup
   • Restart the backend service
   • Attempt to access the platform without credentials
   • Verify an appropriate error message indicates both features are disabled
   • Verify existing users can still authenticate and access the platform

Submission

Download https://cap.so/ to record your screen (use Studio mode). Export as an mp4, and drag and drop into an issue comment below.

Guide to submitting pull requests: https://hackmd.io/@timothy1ee/Hky8kV3hlx