set DISABLE_REGISTRATION param to disable registration

2020-01-28 11:50:25 +07:00 · 2020-01-28 11:50:25 +07:00 · f76bdd8fe6
parent 6a45c3b862
commit f76bdd8fe6
7 changed files with 60 additions and 6 deletions
--- a/app/auth/views/facebook.py
+++ b/app/auth/views/facebook.py
@ -6,7 +6,12 @@ from requests_oauthlib.compliance_fixes import facebook_compliance_fix
 from app import email_utils
 from app.auth.base import auth_bp
 from app.auth.views.google import create_file_from_url
-from app.config import URL, FACEBOOK_CLIENT_ID, FACEBOOK_CLIENT_SECRET
+from app.config import (
+    URL,
+    FACEBOOK_CLIENT_ID,
+    FACEBOOK_CLIENT_SECRET,
+    DISABLE_REGISTRATION,
+)
 from app.extensions import db
 from app.log import LOG
 from app.models import User
@ -103,6 +108,10 @@ def facebook_callback():

    # create user
    else:
+        if DISABLE_REGISTRATION:
+            flash("Registration is closed", "error")
+            return redirect(url_for("auth.login"))
+
        if not can_be_used_as_personal_email(email):
            flash(
                f"You cannot use {email} as your personal inbox.", "error",
--- a/app/auth/views/github.py
+++ b/app/auth/views/github.py
@ -5,7 +5,7 @@ from requests_oauthlib import OAuth2Session
 from app import email_utils
 from app.auth.base import auth_bp
 from app.auth.views.login_utils import after_login
-from app.config import GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, URL
+from app.config import GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, URL, DISABLE_REGISTRATION
 from app.email_utils import can_be_used_as_personal_email
 from app.extensions import db
 from app.log import LOG
@ -85,6 +85,10 @@ def github_callback():

    # create user
    if not user:
+        if DISABLE_REGISTRATION:
+            flash("Registration is closed", "error")
+            return redirect(url_for("auth.login"))
+
        if not can_be_used_as_personal_email(email):
            flash(
                f"You cannot use {email} as your personal inbox.", "error",
--- a/app/auth/views/google.py
+++ b/app/auth/views/google.py
@ -4,7 +4,7 @@ from requests_oauthlib import OAuth2Session

 from app import s3, email_utils
 from app.auth.base import auth_bp
-from app.config import URL, GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET
+from app.config import URL, GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, DISABLE_REGISTRATION
 from app.extensions import db
 from app.log import LOG
 from app.models import User, File
@ -93,6 +93,10 @@ def google_callback():
            db.session.commit()
    # create user
    else:
+        if DISABLE_REGISTRATION:
+            flash("Registration is closed", "error")
+            return redirect(url_for("auth.login"))
+
        if not can_be_used_as_personal_email(email):
            flash(
                f"You cannot use {email} as your personal inbox.", "error",
--- a/app/auth/views/register.py
+++ b/app/auth/views/register.py
@ -3,9 +3,9 @@ from flask_login import current_user
 from flask_wtf import FlaskForm
 from wtforms import StringField, validators

-from app import email_utils
+from app import email_utils, config
 from app.auth.base import auth_bp
-from app.config import URL
+from app.config import URL, DISABLE_REGISTRATION
 from app.email_utils import can_be_used_as_personal_email
 from app.extensions import db
 from app.log import LOG
@ -27,6 +27,10 @@ def register():
        flash("You are already logged in", "warning")
        return redirect(url_for("dashboard.index"))

+    if config.DISABLE_REGISTRATION:
+        flash("Registration is closed", "error")
+        return redirect(url_for("auth.login"))
+
    form = RegisterForm(request.form)
    next_url = request.args.get("next")

--- a/app/config.py
+++ b/app/config.py
@ -54,6 +54,8 @@ except Exception:
 # allow to override postfix server locally
 POSTFIX_SERVER = os.environ.get("POSTFIX_SERVER", "240.0.0.1")

+DISABLE_REGISTRATION = "DISABLE_REGISTRATION" in os.environ
+
 if "OTHER_ALIAS_DOMAINS" in os.environ:
    OTHER_ALIAS_DOMAINS = eval(
        os.environ["OTHER_ALIAS_DOMAINS"]
--- a/example.env
+++ b/example.env
@ -25,7 +25,10 @@ SUPPORT_NAME=Son from SimpleLogin
 # ADMIN_EMAIL=admin@sl.local

 # Max number emails user can generate for free plan
-MAX_NB_EMAIL_FREE_PLAN=3
+MAX_NB_EMAIL_FREE_PLAN=5
+
+# Close registration. Avoid people accidentally creating new account on a self-hosted SimpleLogin
+# DISABLE_REGISTRATION=1

 # custom domain needs to point to these MX servers
 EMAIL_SERVERS_WITH_PRIORITY=[(10, "email.hostname.")]
--- a/tests/auth/test_register.py
+++ b/tests/auth/test_register.py
@ -0,0 +1,28 @@
+from flask import url_for
+
+
+def test_register_success(flask_client):
+    """User arrives at the waiting activation page."""
+    r = flask_client.post(
+        url_for("auth.register"),
+        data={"email": "a@b.c", "password": "password"},
+        follow_redirects=True,
+    )
+
+    assert r.status_code == 200
+    assert b"An email to validate your email is on its way" in r.data
+
+
+def test_register_disabled(flask_client):
+    """User cannot create new account when DISABLE_REGISTRATION."""
+    from app import config
+
+    config.DISABLE_REGISTRATION = True
+
+    r = flask_client.post(
+        url_for("auth.register"),
+        data={"email": "a@b.c", "password": "password"},
+        follow_redirects=True,
+    )
+
+    assert b"Registration is closed" in r.data