Merge pull request #3099 from quay/joseph.schorr/QUAY-914/confirm-username-flag

Add feature flag to disable username confirmation
2018-06-01 13:34:09 -04:00 · 2018-06-01 13:34:09 -04:00 · 4978edd0a3
commit 4978edd0a3
parent 81ea73ce0d b2262eaf46
8 changed files with 33 additions and 3 deletions
--- a/config.py
+++ b/config.py
@ -279,6 +279,10 @@ class DefaultConfig(ImmutableConfig):
  # Feature Flag: If set to true, autocompletion will apply to partial usernames.
  FEATURE_PARTIAL_USER_AUTOCOMPLETE = True

+  # Feature Flag: If set to true, users can confirm (and modify) their initial usernames when
+  # logging in via OIDC or a non-database internal auth provider.
+  FEATURE_USERNAME_CONFIRMATION = True
+
  # If a namespace is defined in the public namespace list, then it will appear on *all*
  # user's repository list pages, regardless of whether that user is a member of the namespace.
  # Typically, this is used by an enterprise customer in configuring a set of "well-known"
--- a/data/model/user.py
+++ b/data/model/user.py
@ -456,9 +456,12 @@ def _get_login_service(service_id):

 def create_federated_user(username, email, service_id, service_ident,
                          set_password_notification, metadata={},
-                          email_required=True, prompts=tuple()):
+                          email_required=True, confirm_username=True,
+                          prompts=tuple()):
  prompts = set(prompts)
-  prompts.add(UserPromptTypes.CONFIRM_USERNAME)
+
+  if confirm_username:
+    prompts.add(UserPromptTypes.CONFIRM_USERNAME)

  new_user = create_user_noverify(username, email, email_required=email_required, prompts=prompts)
  new_user.verified = True
--- a/data/users/federated.py
+++ b/data/users/federated.py
@ -133,6 +133,7 @@ class FederatedUsers(object):
                                                   username,
                                                   set_password_notification=False,
                                                   email_required=self._requires_email,
+                                                   confirm_username=features.USERNAME_CONFIRMATION,
                                                   prompts=prompts)
      except model.InvalidEmailAddressException as iae:
        return (None, iae.message)
--- a/endpoints/api/user.py
+++ b/endpoints/api/user.py
@ -392,7 +392,8 @@ class User(ApiResource):
        new_username = user_data.get('username')
        previous_username = user.username

-        rename_allowed = features.USER_RENAME or confirm_username
+        rename_allowed = (features.USER_RENAME or 
+                          (confirm_username and features.USERNAME_CONFIRMATION))
        username_changing = new_username and new_username != previous_username

        if rename_allowed and username_changing:
--- a/endpoints/oauth/login.py
+++ b/endpoints/oauth/login.py
@ -110,6 +110,7 @@ def _conduct_oauth_login(auth_system, login_service, lid, lusername, lemail, met
    user_obj = model.user.create_federated_user(new_username, lemail, service_id, lid,
                                                set_password_notification=requires_password,
                                                metadata=metadata or {},
+                                                confirm_username=features.USERNAME_CONFIRMATION,
                                                prompts=prompts,
                                                email_required=features.MAILING)

--- a/static/directives/config/config-setup-tool.html
+++ b/static/directives/config/config-setup-tool.html
@ -1350,6 +1350,18 @@
              </div>
            </td>
          </tr>
+          <tr>
+            <td class="non-input">Allow username confirmation:</td>
+            <td colspan="2">
+                <div class="config-bool-field" binding="config.FEATURE_USERNAME_CONFIRMATION">
+                  Allow username confirmation
+                </div>
+                <div class="help-text">
+                    If disabled, users logging in will be locked into the username granted by
+                    the registry.
+                </div>
+            </td>
+          </tr>
          <tr ng-show="config.FEATURE_MAILING">
            <td class="non-input">Team Invitations:</td>
            <td colspan="2">
--- a/util/config/configutil.py
+++ b/util/config/configutil.py
@ -22,6 +22,7 @@ def add_enterprise_config_defaults(config_obj, current_secret_key, hostname):
  config_obj['FEATURE_DIRECT_LOGIN'] = config_obj.get('FEATURE_DIRECT_LOGIN', True)
  config_obj['FEATURE_APP_SPECIFIC_TOKENS'] = config_obj.get('FEATURE_APP_SPECIFIC_TOKENS', True)
  config_obj['FEATURE_PARTIAL_USER_AUTOCOMPLETE'] = config_obj.get('FEATURE_PARTIAL_USER_AUTOCOMPLETE', True)
+  config_obj['FEATURE_USERNAME_CONFIRMATION'] = config_obj.get('FEATURE_USERNAME_CONFIRMATION', True)

  # Default features that are off.
  config_obj['FEATURE_MAILING'] = config_obj.get('FEATURE_MAILING', False)
--- a/util/config/schema.py
+++ b/util/config/schema.py
@ -909,6 +909,13 @@ CONFIG_SCHEMA = {
      'description': 'If set to true, users can rename their own namespace. Defaults to False',
      'x-example': True,
    },
+
+    # Feature Flag: Username confirmation.
+    'FEATURE_USERNAME_CONFIRMATION': {
+      'type': 'boolean',
+      'description': 'If set to true, users can confirm their generated usernames. Defaults to True',
+      'x-example': False,
+    },
 },
 }