diff --git a/src/pages/api/auth/create.ts b/src/pages/api/auth/create.ts
index 2a097fa..1bd80dc 100644
--- a/src/pages/api/auth/create.ts
+++ b/src/pages/api/auth/create.ts
@@ -7,7 +7,8 @@ import config from 'lib/config';
 async function handler(req: NextApiReq, res: NextApiRes) {
   if (req.method === 'POST' && req.body) {
     if (!config.features.invites && req.body.code) return res.forbid('invites are disabled');
-    if (!config.features.user_registration) return res.forbid('user registration is disabled');
+    if (!config.features.user_registration && !req.body.code)
+      return res.forbid('user registration is disabled');
 
     const { code, username, password } = req.body as {
       code?: string;
diff --git a/src/pages/auth/register.tsx b/src/pages/auth/register.tsx
index d1e6dc7..2830d85 100644
--- a/src/pages/auth/register.tsx
+++ b/src/pages/auth/register.tsx
@@ -163,7 +163,7 @@ export const getServerSideProps: GetServerSideProps = async (context) => {
       notFound: true,
     };
 
-  if (!config.features.user_registration) return { notFound: true };
+  if (!config.features.user_registration && !code) return { notFound: true };
 
   if (code) {
     const invite = await prisma.invite.findUnique({