From f76bdd8fe62b632fe5d23f6c4b538033e5ec28f6 Mon Sep 17 00:00:00 2001 From: Son NK Date: Tue, 28 Jan 2020 11:50:25 +0700 Subject: [PATCH] set DISABLE_REGISTRATION param to disable registration --- app/auth/views/facebook.py | 11 ++++++++++- app/auth/views/github.py | 6 +++++- app/auth/views/google.py | 6 +++++- app/auth/views/register.py | 8 ++++++-- app/config.py | 2 ++ example.env | 5 ++++- tests/auth/test_register.py | 28 ++++++++++++++++++++++++++++ 7 files changed, 60 insertions(+), 6 deletions(-) create mode 100644 tests/auth/test_register.py diff --git a/app/auth/views/facebook.py b/app/auth/views/facebook.py index 7e5e03a0..ef545b89 100644 --- a/app/auth/views/facebook.py +++ b/app/auth/views/facebook.py @@ -6,7 +6,12 @@ from requests_oauthlib.compliance_fixes import facebook_compliance_fix from app import email_utils from app.auth.base import auth_bp from app.auth.views.google import create_file_from_url -from app.config import URL, FACEBOOK_CLIENT_ID, FACEBOOK_CLIENT_SECRET +from app.config import ( + URL, + FACEBOOK_CLIENT_ID, + FACEBOOK_CLIENT_SECRET, + DISABLE_REGISTRATION, +) from app.extensions import db from app.log import LOG from app.models import User @@ -103,6 +108,10 @@ def facebook_callback(): # create user else: + if DISABLE_REGISTRATION: + flash("Registration is closed", "error") + return redirect(url_for("auth.login")) + if not can_be_used_as_personal_email(email): flash( f"You cannot use {email} as your personal inbox.", "error", diff --git a/app/auth/views/github.py b/app/auth/views/github.py index 85b663c1..f4e002df 100644 --- a/app/auth/views/github.py +++ b/app/auth/views/github.py 
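Review bot: The registration guard added in `facebook_callback` is the same three lines this commit also adds to `github_callback`, `google_callback` and `register`, so the control holds only as long as every account-creating path repeats it. A single helper next to the user-creation code, or a check inside it, would keep the flag enforced for paths added later. Any creation path not touched by this diff, such as an API sign-up endpoint if the project has one, should be confirmed to honour the flag too. The three OAuth views also bind the flag by name (`from app.config import ..., DISABLE_REGISTRATION`), which copies the value at import time, while `register` reads `config.DISABLE_REGISTRATION` per request; reading it through the module everywhere would keep the four checks consistent and patchable in tests. `facebook_callback` starts and ends outside the hunk.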
@@ -5,7 +5,7 @@ from requests_oauthlib import OAuth2Session from app import email_utils from app.auth.base import auth_bp from app.auth.views.login_utils import after_login -from app.config import GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, URL +from app.config import GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, URL, DISABLE_REGISTRATION from app.email_utils import can_be_used_as_personal_email from app.extensions import db from app.log import LOG @@ -85,6 +85,10 @@ def github_callback(): # create user if not user: + if DISABLE_REGISTRATION: + flash("Registration is closed", "error") + return redirect(url_for("auth.login")) + if not can_be_used_as_personal_email(email): flash( f"You cannot use {email} as your personal inbox.", "error", diff --git a/app/auth/views/google.py b/app/auth/views/google.py index 523278cd..56c628c2 100644 --- a/app/auth/views/google.py +++ b/app/auth/views/google.py @@ -4,7 +4,7 @@ from requests_oauthlib import OAuth2Session from app import s3, email_utils from app.auth.base import auth_bp -from app.config import URL, GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET +from app.config import URL, GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, DISABLE_REGISTRATION from app.extensions import db from app.log import LOG from app.models import User, File @@ -93,6 +93,10 @@ def google_callback(): db.session.commit() # create user else: + if DISABLE_REGISTRATION: + flash("Registration is closed", "error") + return redirect(url_for("auth.login")) + if not can_be_used_as_personal_email(email): flash( f"You cannot use {email} as your personal inbox.", "error", diff --git a/app/auth/views/register.py b/app/auth/views/register.py index 2681c63c..9c5da2bb 100644 --- a/app/auth/views/register.py +++ b/app/auth/views/register.py 
@@ -3,9 +3,9 @@ from flask_login import current_user from flask_wtf import FlaskForm from wtforms import StringField, validators -from app import email_utils +from app import email_utils, config from app.auth.base import auth_bp -from app.config import URL +from app.config import URL, DISABLE_REGISTRATION from app.email_utils import can_be_used_as_personal_email from app.extensions import db from app.log import LOG @@ -27,6 +27,10 @@ def register(): flash("You are already logged in", "warning") return redirect(url_for("dashboard.index")) + if config.DISABLE_REGISTRATION: + flash("Registration is closed", "error") + return redirect(url_for("auth.login")) + form = RegisterForm(request.form) next_url = request.args.get("next") diff --git a/app/config.py b/app/config.py index 19150b5e..0d35ef52 100644 --- a/app/config.py +++ b/app/config.py @@ -54,6 +54,8 @@ except Exception: # allow to override postfix server locally POSTFIX_SERVER = os.environ.get("POSTFIX_SERVER", "240.0.0.1") +DISABLE_REGISTRATION = "DISABLE_REGISTRATION" in os.environ + if "OTHER_ALIAS_DOMAINS" in os.environ: OTHER_ALIAS_DOMAINS = eval( os.environ["OTHER_ALIAS_DOMAINS"] diff --git a/example.env b/example.env index 748cc758..be231957 100644 --- a/example.env +++ b/example.env @@ -25,7 +25,10 @@ SUPPORT_NAME=Son from SimpleLogin # ADMIN_EMAIL=admin@sl.local # Max number emails user can generate for free plan -MAX_NB_EMAIL_FREE_PLAN=3 +MAX_NB_EMAIL_FREE_PLAN=5 + +# Close registration. Avoid people accidentally creating new account on a self-hosted SimpleLogin +# DISABLE_REGISTRATION=1 # custom domain needs to point to these MX servers EMAIL_SERVERS_WITH_PRIORITY=[(10, "email.hostname.")] diff --git a/tests/auth/test_register.py b/tests/auth/test_register.py new file mode 100644 index 00000000..db1ca058 --- /dev/null +++ b/tests/auth/test_register.py 
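Review bot: The import hunk of `register.py` changes the line to `from app.config import URL, DISABLE_REGISTRATION`, but the view only reads `config.DISABLE_REGISTRATION`, so the by-name import is unused. Keep `from app.config import URL` and the new `from app import email_utils, config`; the module-attribute read is what the new test relies on when it sets `config.DISABLE_REGISTRATION = True`. A short comment above the guard, for example `# read through the module so the flag is looked up on each request`, would explain why this view differs from the OAuth callbacks. `register` continues outside the hunk.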
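Review bot: `DISABLE_REGISTRATION = "DISABLE_REGISTRATION" in os.environ` in `app/config.py` tests only whether the variable is present, so `DISABLE_REGISTRATION=0`, `=false` or an empty value all close registration. That errs on the closed side, but it will surprise an operator who sets a falsy value expecting sign-up to stay open, and `example.env` shows only `=1`. Document the rule where it is defined, for example `# presence-only: any value, even 0 or empty, disables registration; unset to re-enable`. If explicit parsing is preferred instead, note that an unrecognised value would then leave registration open, so the accepted spellings need documenting.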
@@ -0,0 +1,28 @@ +from flask import url_for + + +def test_register_success(flask_client): + """User arrives at the waiting activation page.""" + r = flask_client.post( + url_for("auth.register"), + data={"email": "a@b.c", "password": "password"}, + follow_redirects=True, + ) + + assert r.status_code == 200 + assert b"An email to validate your email is on its way" in r.data + + +def test_register_disabled(flask_client): + """User cannot create new account when DISABLE_REGISTRATION.""" + from app import config + + config.DISABLE_REGISTRATION = True + + r = flask_client.post( + url_for("auth.register"), + data={"email": "a@b.c", "password": "password"}, + follow_redirects=True, + ) + + assert b"Registration is closed" in r.data
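Review bot: `test_register_disabled` assigns `config.DISABLE_REGISTRATION = True` and never restores it, so tests that run later in the same process see registration closed and results depend on test order. Take pytest's `monkeypatch` fixture in the signature and replace the assignment with `monkeypatch.setattr(config, "DISABLE_REGISTRATION", True)`, which is undone at teardown. The test also checks only the flash text and not `r.status_code`; asserting afterwards that no `User` row exists for `a@b.c` would pin the property the flag is meant to guarantee. The Facebook, GitHub and Google callbacks get no coverage for the flag in this file.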