How to disable registration new users in Laravel

To disable new user registration in Laravel, you can remove the registration routes and controllers from your application. The approach depends on whether you are using modern Laravel scaffolding (like Breeze or Jetstream) or legacy authentication routes.

Method 1: Remove Registration Routes and Controllers

For Laravel Breeze/Jetstream (Laravel 9+):

1. Open routes/auth.php and comment out or remove the registration-related routes (/register, /register/password, etc.).
2. Optionally, delete app/Http/Controllers/Auth/RegisteredUserController.php and remove its import from routes/auth.php. For Legacy Applications:
3. Open routes/web.php and remove the registration routes (e.g., Auth::routes(['register' => false]); or custom Route::get('/register', ...)).
4. Remove or comment out the registration controller methods and views if they are no longer needed.

Method 2: Use Custom Middleware

Another approach is to intercept registration requests using middleware. Note that this only blocks routes where the middleware is applied, not the entire application globally.

// app/Http/Middleware/DisableRegistration.php
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class DisableRegistration
{
    public function handle(Request $request, Closure $next): Response
    {
        if (config('auth.disable_registration', false)) {
            return redirect()->route('home')->with('error', 'Registration is currently disabled.');
        }
        return $next($request);
    }
}

1. Create the middleware using php artisan make:middleware DisableRegistration.
2. Register this middleware in your application's middleware configuration (e.g., app/Http/Kernel.php for Laravel 10 or bootstrap/app.php for Laravel 11+) and apply it to your registration routes.
3. Add 'disable_registration' => false, to your config/auth.php file to control the feature toggle.

Method 3: Use Laravel Gates

You can also use Laravel's Gate to control access to the registration controller. This only affects controllers or routes explicitly protected by the gate.

// app/Providers/AuthServiceProvider.php
namespace App\Providers;

use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    protected $policies = [
        // 'App\Models\Model' => 'App\Policies\ModelPolicy',
    ];

    public function boot(): void
    {
        Gate::define('register', function () {
            return !config('auth.disable_registration', false);
        });
    }
}

1. Define the gate in app/Providers/AuthServiceProvider.php.
2. Protect your registration controller with $this->middleware('can:register'); (Laravel 10 and below) or use route middleware Route::middleware('can:register')->group(...).
3. Ensure the disable_registration key is set in config/auth.php.

Choose the method that best fits your application's architecture. Removing routes is the most permanent solution, while middleware and gates allow for dynamic toggling without code changes.