Add feature flag to disable username confirmation
Fixes https://jira.coreos.com/browse/QUAY-914
		
							parent
							
								
									81ea73ce0d
								
							
						
					
					
						commit
						b2262eaf46
					
				
					 8 changed files with 33 additions and 3 deletions
				
			
		|  | @ -279,6 +279,10 @@ class DefaultConfig(ImmutableConfig): | ||||||
|   # Feature Flag: If set to true, autocompletion will apply to partial usernames. |   # Feature Flag: If set to true, autocompletion will apply to partial usernames. | ||||||
|   FEATURE_PARTIAL_USER_AUTOCOMPLETE = True |   FEATURE_PARTIAL_USER_AUTOCOMPLETE = True | ||||||
| 
 | 
 | ||||||
|  |   # Feature Flag: If set to true, users can confirm (and modify) their initial usernames when | ||||||
|  |   # logging in via OIDC or a non-database internal auth provider. | ||||||
|  |   FEATURE_USERNAME_CONFIRMATION = True | ||||||
|  | 
 | ||||||
|   # If a namespace is defined in the public namespace list, then it will appear on *all* |   # If a namespace is defined in the public namespace list, then it will appear on *all* | ||||||
|   # user's repository list pages, regardless of whether that user is a member of the namespace. |   # user's repository list pages, regardless of whether that user is a member of the namespace. | ||||||
|   # Typically, this is used by an enterprise customer in configuring a set of "well-known" |   # Typically, this is used by an enterprise customer in configuring a set of "well-known" | ||||||
|  |  | ||||||
|  | @ -456,9 +456,12 @@ def _get_login_service(service_id): | ||||||
| 
 | 
 | ||||||
| def create_federated_user(username, email, service_id, service_ident, | def create_federated_user(username, email, service_id, service_ident, | ||||||
|                           set_password_notification, metadata={}, |                           set_password_notification, metadata={}, | ||||||
|                           email_required=True, prompts=tuple()): |                           email_required=True, confirm_username=True, | ||||||
|  |                           prompts=tuple()): | ||||||
|   prompts = set(prompts) |   prompts = set(prompts) | ||||||
|   prompts.add(UserPromptTypes.CONFIRM_USERNAME) | 
 | ||||||
|  |   if confirm_username: | ||||||
|  |     prompts.add(UserPromptTypes.CONFIRM_USERNAME) | ||||||
| 
 | 
 | ||||||
|   new_user = create_user_noverify(username, email, email_required=email_required, prompts=prompts) |   new_user = create_user_noverify(username, email, email_required=email_required, prompts=prompts) | ||||||
|   new_user.verified = True |   new_user.verified = True | ||||||
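Review bot: `confirm_username` is inserted ahead of `prompts` in the `create_federated_user` signature, which moves `prompts` one positional slot to the right. A caller that passes `prompts` positionally would now bind it to `confirm_username` and lose its intended prompts without any error. The two call sites updated in this commit use keywords, but other callers are not visible here. Appending the parameter keeps positional calls intact: `email_required=True, prompts=tuple(), confirm_username=True):`. A one-sentence docstring saying that `confirm_username=False` creates the account without the `CONFIRM_USERNAME` prompt would also help; the function body continues past the end of the hunk.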
|  |  | ||||||
|  | @ -133,6 +133,7 @@ class FederatedUsers(object): | ||||||
|                                                    username, |                                                    username, | ||||||
|                                                    set_password_notification=False, |                                                    set_password_notification=False, | ||||||
|                                                    email_required=self._requires_email, |                                                    email_required=self._requires_email, | ||||||
|  |                                                    confirm_username=features.USERNAME_CONFIRMATION, | ||||||
|                                                    prompts=prompts) |                                                    prompts=prompts) | ||||||
|       except model.InvalidEmailAddressException as iae: |       except model.InvalidEmailAddressException as iae: | ||||||
|         return (None, iae.message) |         return (None, iae.message) | ||||||
|  |  | ||||||
|  | @ -392,7 +392,8 @@ class User(ApiResource): | ||||||
|         new_username = user_data.get('username') |         new_username = user_data.get('username') | ||||||
|         previous_username = user.username |         previous_username = user.username | ||||||
| 
 | 
 | ||||||
|         rename_allowed = features.USER_RENAME or confirm_username |         rename_allowed = (features.USER_RENAME or  | ||||||
|  |                           (confirm_username and features.USERNAME_CONFIRMATION)) | ||||||
|         username_changing = new_username and new_username != previous_username |         username_changing = new_username and new_username != previous_username | ||||||
| 
 | 
 | ||||||
|         if rename_allowed and username_changing: |         if rename_allowed and username_changing: | ||||||
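Review bot: The tightened `rename_allowed` check is the server-side enforcement point for the new flag, yet none of the eight file sections shown adds a test for it. The case worth pinning is an account that still has a pending username-confirmation prompt when `FEATURE_USERNAME_CONFIRMATION` is switched off: with `features.USER_RENAME` off, the request must leave `user.username` unchanged. `confirm_username` is computed above the hunk, so whether the stored prompt is ever cleared for such accounts cannot be seen here and should be checked. A comment above the assignment would record the intent, for example `# Confirmation only grants a rename while FEATURE_USERNAME_CONFIRMATION is on; USER_RENAME is independent.`. The trailing space after `or` on the first line of the expression can be removed.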
|  |  | ||||||
|  | @ -110,6 +110,7 @@ def _conduct_oauth_login(auth_system, login_service, lid, lusername, lemail, met | ||||||
|     user_obj = model.user.create_federated_user(new_username, lemail, service_id, lid, |     user_obj = model.user.create_federated_user(new_username, lemail, service_id, lid, | ||||||
|                                                 set_password_notification=requires_password, |                                                 set_password_notification=requires_password, | ||||||
|                                                 metadata=metadata or {}, |                                                 metadata=metadata or {}, | ||||||
|  |                                                 confirm_username=features.USERNAME_CONFIRMATION, | ||||||
|                                                 prompts=prompts, |                                                 prompts=prompts, | ||||||
|                                                 email_required=features.MAILING) |                                                 email_required=features.MAILING) | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -1350,6 +1350,18 @@ | ||||||
|               </div> |               </div> | ||||||
|             </td> |             </td> | ||||||
|           </tr> |           </tr> | ||||||
|  |           <tr> | ||||||
|  |             <td class="non-input">Allow username confirmation:</td> | ||||||
|  |             <td colspan="2"> | ||||||
|  |                 <div class="config-bool-field" binding="config.FEATURE_USERNAME_CONFIRMATION"> | ||||||
|  |                   Allow username confirmation | ||||||
|  |                 </div> | ||||||
|  |                 <div class="help-text"> | ||||||
|  |                     If disabled, users logging in will be locked into the username granted by | ||||||
|  |                     the registry. | ||||||
|  |                 </div> | ||||||
|  |             </td> | ||||||
|  |           </tr> | ||||||
|           <tr ng-show="config.FEATURE_MAILING"> |           <tr ng-show="config.FEATURE_MAILING"> | ||||||
|             <td class="non-input">Team Invitations:</td> |             <td class="non-input">Team Invitations:</td> | ||||||
|             <td colspan="2"> |             <td colspan="2"> | ||||||
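Review bot: The help text says users are "locked into" the assigned username when this is disabled, but the API change in this commit still permits a rename whenever `features.USER_RENAME` is on, so the wording overstates what the switch does. An operator could read it as a guarantee that usernames are immutable and rely on that. Suggested wording: `If disabled, users are not asked to confirm or change the username assigned at first login; renaming then depends on the user rename setting.`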
|  |  | ||||||
|  | @ -22,6 +22,7 @@ def add_enterprise_config_defaults(config_obj, current_secret_key, hostname): | ||||||
|   config_obj['FEATURE_DIRECT_LOGIN'] = config_obj.get('FEATURE_DIRECT_LOGIN', True) |   config_obj['FEATURE_DIRECT_LOGIN'] = config_obj.get('FEATURE_DIRECT_LOGIN', True) | ||||||
|   config_obj['FEATURE_APP_SPECIFIC_TOKENS'] = config_obj.get('FEATURE_APP_SPECIFIC_TOKENS', True) |   config_obj['FEATURE_APP_SPECIFIC_TOKENS'] = config_obj.get('FEATURE_APP_SPECIFIC_TOKENS', True) | ||||||
|   config_obj['FEATURE_PARTIAL_USER_AUTOCOMPLETE'] = config_obj.get('FEATURE_PARTIAL_USER_AUTOCOMPLETE', True) |   config_obj['FEATURE_PARTIAL_USER_AUTOCOMPLETE'] = config_obj.get('FEATURE_PARTIAL_USER_AUTOCOMPLETE', True) | ||||||
|  |   config_obj['FEATURE_USERNAME_CONFIRMATION'] = config_obj.get('FEATURE_USERNAME_CONFIRMATION', True) | ||||||
| 
 | 
 | ||||||
|   # Default features that are off. |   # Default features that are off. | ||||||
|   config_obj['FEATURE_MAILING'] = config_obj.get('FEATURE_MAILING', False) |   config_obj['FEATURE_MAILING'] = config_obj.get('FEATURE_MAILING', False) | ||||||
|  |  | ||||||
|  | @ -909,6 +909,13 @@ CONFIG_SCHEMA = { | ||||||
|       'description': 'If set to true, users can rename their own namespace. Defaults to False', |       'description': 'If set to true, users can rename their own namespace. Defaults to False', | ||||||
|       'x-example': True, |       'x-example': True, | ||||||
|     }, |     }, | ||||||
|  | 
 | ||||||
|  |     # Feature Flag: Username confirmation. | ||||||
|  |     'FEATURE_USERNAME_CONFIRMATION': { | ||||||
|  |       'type': 'boolean', | ||||||
|  |       'description': 'If set to true, users can confirm their generated usernames. Defaults to True', | ||||||
|  |       'x-example': False, | ||||||
|  |     }, | ||||||
|  }, |  }, | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  |  | ||||||