Add feature flag to disable username confirmation

Fixes https://jira.coreos.com/browse/QUAY-914
This commit is contained in:
Joseph Schorr 2018-06-01 13:24:29 -04:00
parent 81ea73ce0d
commit b2262eaf46
8 changed files with 33 additions and 3 deletions

View file

@ -279,6 +279,10 @@ class DefaultConfig(ImmutableConfig):
# Feature Flag: If set to true, autocompletion will apply to partial usernames.
FEATURE_PARTIAL_USER_AUTOCOMPLETE = True
# Feature Flag: If set to true, users can confirm (and modify) their initial usernames when
# logging in via OIDC or a non-database internal auth provider.
FEATURE_USERNAME_CONFIRMATION = True
# If a namespace is defined in the public namespace list, then it will appear on *all*
# user's repository list pages, regardless of whether that user is a member of the namespace.
# Typically, this is used by an enterprise customer in configuring a set of "well-known"

View file

@ -456,9 +456,12 @@ def _get_login_service(service_id):
def create_federated_user(username, email, service_id, service_ident,
set_password_notification, metadata={},
email_required=True, prompts=tuple()):
email_required=True, confirm_username=True,
prompts=tuple()):
prompts = set(prompts)
prompts.add(UserPromptTypes.CONFIRM_USERNAME)
if confirm_username:
prompts.add(UserPromptTypes.CONFIRM_USERNAME)
new_user = create_user_noverify(username, email, email_required=email_required, prompts=prompts)
new_user.verified = True

View file

@ -133,6 +133,7 @@ class FederatedUsers(object):
username,
set_password_notification=False,
email_required=self._requires_email,
confirm_username=features.USERNAME_CONFIRMATION,
prompts=prompts)
except model.InvalidEmailAddressException as iae:
return (None, iae.message)

View file

@ -392,7 +392,8 @@ class User(ApiResource):
new_username = user_data.get('username')
previous_username = user.username
rename_allowed = features.USER_RENAME or confirm_username
rename_allowed = (features.USER_RENAME or
(confirm_username and features.USERNAME_CONFIRMATION))
username_changing = new_username and new_username != previous_username
if rename_allowed and username_changing:

View file

@ -110,6 +110,7 @@ def _conduct_oauth_login(auth_system, login_service, lid, lusername, lemail, met
user_obj = model.user.create_federated_user(new_username, lemail, service_id, lid,
set_password_notification=requires_password,
metadata=metadata or {},
confirm_username=features.USERNAME_CONFIRMATION,
prompts=prompts,
email_required=features.MAILING)

View file

@ -1350,6 +1350,18 @@
</div>
</td>
</tr>
<tr>
<td class="non-input">Allow username confirmation:</td>
<td colspan="2">
<div class="config-bool-field" binding="config.FEATURE_USERNAME_CONFIRMATION">
Allow username confirmation
</div>
<div class="help-text">
If disabled, users logging in will be locked into the username granted by
the registry.
</div>
</td>
</tr>
<tr ng-show="config.FEATURE_MAILING">
<td class="non-input">Team Invitations:</td>
<td colspan="2">

View file

@ -22,6 +22,7 @@ def add_enterprise_config_defaults(config_obj, current_secret_key, hostname):
config_obj['FEATURE_DIRECT_LOGIN'] = config_obj.get('FEATURE_DIRECT_LOGIN', True)
config_obj['FEATURE_APP_SPECIFIC_TOKENS'] = config_obj.get('FEATURE_APP_SPECIFIC_TOKENS', True)
config_obj['FEATURE_PARTIAL_USER_AUTOCOMPLETE'] = config_obj.get('FEATURE_PARTIAL_USER_AUTOCOMPLETE', True)
config_obj['FEATURE_USERNAME_CONFIRMATION'] = config_obj.get('FEATURE_USERNAME_CONFIRMATION', True)
# Default features that are off.
config_obj['FEATURE_MAILING'] = config_obj.get('FEATURE_MAILING', False)

View file

@ -909,6 +909,13 @@ CONFIG_SCHEMA = {
'description': 'If set to true, users can rename their own namespace. Defaults to False',
'x-example': True,
},
# Feature Flag: Username confirmation.
'FEATURE_USERNAME_CONFIRMATION': {
'type': 'boolean',
'description': 'If set to true, users can confirm their generated usernames. Defaults to True',
'x-example': False,
},
},
}