diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 09705d12ab4dfe301535a973e2607fad4efc9d0d..fde14255b2424bf2460f3febfa4c87ae3b3308cc 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,2 +1,9 @@
 class ApplicationController < ActionController::Base
+  before_action :configure_permitted_parameters, if: :devise_controller?
+
+  protected
+
+  def configure_permitted_parameters
+    devise_parameter_sanitizer.permit(:sign_up, keys: [:invitation_token])
+  end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 82a1d1f66df17d82f6fe75c076116daeb73a6029..f71f25391a34f19883e35ff4119951969221b42e 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -4,7 +4,9 @@ class User < ApplicationRecord
   has_many :candidates
 
   validates :password, presence: true, length: { minimum: 6 }, allow_nil: true
-  validates :email, uniqueness: { case_sensitive: false, message: "already in use" }
+  validates :email, uniqueness: { case_sensitive: false, message: "already in use" }, allow_nil: true
+  validates :invitation_token, presence: true, on: :create
+  validate :valid_invitation_token, on: :create
 
   after_initialize :set_avatar_color
 
@@ -43,4 +45,10 @@ class User < ApplicationRecord
 
     self.avatar_color = "##{r.to_s(16).rjust(2, '0')}#{g.to_s(16).rjust(2, '0')}#{b.to_s(16).rjust(2, '0')}"
   end
+
+  private
+
+  def valid_invitation_token valid_tokens = ["gargamel"]
+    errors.add(:invitation_token, "is invalid") unless valid_tokens.include?(invitation_token)
+  end
 end
diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb
index e910dc31f8bc54f71c507d815c0bc5a5db05dc2e..d751c2b7082a3b54ebad41f8c2f34c23b82da9da 100644
--- a/app/views/devise/registrations/new.html.erb
+++ b/app/views/devise/registrations/new.html.erb
@@ -22,6 +22,11 @@
     <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
   </div>
 
+  <div class="field">
+    <%= f.label :invitation_token, "Invitation Token" %><br />
+    <%= f.text_field :invitation_token, autocomplete: "off" %>
+  </div>
+
   <div class="actions">
     <%= f.submit "Sign up" %>
   </div>
diff --git a/db/migrate/20241220212328_add_invitation_token_to_users.rb b/db/migrate/20241220212328_add_invitation_token_to_users.rb
new file mode 100644
index 0000000000000000000000000000000000000000..16fe3658d3d83f3a0923f14f6feea95331092291
--- /dev/null
+++ b/db/migrate/20241220212328_add_invitation_token_to_users.rb
@@ -0,0 +1,5 @@
+class AddInvitationTokenToUsers < ActiveRecord::Migration[7.1]
+  def change
+    add_column :users, :invitation_token, :string
+  end
+end
diff --git a/db/seeds.rb b/db/seeds.rb
index fac64bcc7dd406e300fb06efc755998c1e76dfe0..0a48a365020f05ce066df9c7457d40956b3e010b 100644
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -61,6 +61,8 @@ end
 %w[tribut Teal hdsjulian Sophie bergpiratin sblsg Max aerowaffle ningwie Senana ToniHDS].each do |username|
   User.find_or_create_by(name: username) do |u|
     u.email = "c3lingo+#{username}@x.moeffju.net"
+    u.invitation_token = "gargamel"
+    u.save!
   end
 end