Enforce signups_allowed=False (#26)

This commit is contained in:
Michael Manfre 2022-11-20 18:03:09 -05:00 committed by GitHub
parent 6e88c00969
commit 61ce62b026
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 77 additions and 2 deletions

View file

@ -35,4 +35,4 @@ repos:
rev: v0.982 rev: v0.982
hooks: hooks:
- id: mypy - id: mypy
additional_dependencies: [types-pyopenssl, types-bleach] additional_dependencies: [types-pyopenssl, types-bleach, types-mock]

View file

@ -3,6 +3,7 @@ pre-commit~=2.20.0
black==22.10.0 black==22.10.0
flake8==5.0.4 flake8==5.0.4
isort==5.10.1 isort==5.10.1
mock~=4.0.3
pre-commit~=2.20.0 pre-commit~=2.20.0
pytest-django~=4.5.2 pytest-django~=4.5.2
pytest-httpx~=0.21 pytest-httpx~=0.21

View file

@ -7,13 +7,24 @@
{% csrf_token %} {% csrf_token %}
<fieldset> <fieldset>
<legend>Create An Account</legend> <legend>Create An Account</legend>
{{ config.signup_text|safe|linebreaks }} {% if config.signup_text %}{{ config.signup_text|safe|linebreaks }}{% endif %}
{% if config.signup_allowed %}
{% for field in form %} {% for field in form %}
{% include "forms/_field.html" %} {% include "forms/_field.html" %}
{% endfor %} {% endfor %}
{% else %}
{% if not config.signup_text %}
<p>Not accepting new users at this time</p>
{% endif %}
{% endif %}
</fieldset> </fieldset>
{% if config.signup_allowed %}
<div class="buttons"> <div class="buttons">
<button>Create</button> <button>Create</button>
</div> </div>
{% endif %}
</form> </form>
{% endblock %} {% endblock %}

View file

View file

View file

@ -0,0 +1,59 @@
import mock
import pytest
from core.models import Config
from users.models import User
@pytest.fixture
def config_system():
# TODO: Good enough for now, but a better Config mocking system is needed
result = Config.load_system()
with mock.patch("core.models.Config.load_system", return_value=result):
yield result
@pytest.mark.django_db
def test_signup_disabled(client, config_system):
# Signup disabled and no signup text
config_system.signup_allowed = False
resp = client.get("/auth/signup/")
assert resp.status_code == 200
content = str(resp.content)
assert "Not accepting new users at this time" in content
assert "<button>Create</button>" not in content
# Signup disabled with signup text configured
config_system.signup_text = "Go away!!!!!!"
resp = client.get("/auth/signup/")
assert resp.status_code == 200
content = str(resp.content)
assert "Go away!!!!!!" in content
# Ensure direct POST doesn't side step guard
resp = client.post(
"/auth/signup/", data={"email": "test_signup_disabled@example.org"}
)
assert resp.status_code == 200
assert not User.objects.filter(email="test_signup_disabled@example.org").exists()
# Signup enabled
config_system.signup_allowed = True
resp = client.get("/auth/signup/")
assert resp.status_code == 200
content = str(resp.content)
assert "Not accepting new users at this time" not in content
assert "<button>Create</button>" in content
@pytest.mark.django_db
def test_signup_invite_only(client, config_system):
config_system.signup_allowed = True
config_system.signup_invite_only = True
resp = client.get("/auth/signup/")
assert resp.status_code == 200
content = str(resp.content)
assert 'name="invite_code"' in content
# TODO: Actually test this

View file

@ -49,6 +49,10 @@ class Signup(FormView):
raise forms.ValidationError("That is not a valid invite code") raise forms.ValidationError("That is not a valid invite code")
return invite_code return invite_code
def clean(self):
if not Config.system.signup_allowed:
raise forms.ValidationError("Not accepting new users at this time")
def form_valid(self, form): def form_valid(self, form):
user = User.objects.create(email=form.cleaned_data["email"]) user = User.objects.create(email=form.cleaned_data["email"])
# Auto-promote the user to admin if that setting is set # Auto-promote the user to admin if that setting is set