Add a feature flag to disable user creation

2014-10-02 14:49:18 -04:00 · 2014-10-02 14:49:18 -04:00 · c682899861
commit c682899861
parent 5c18ffe67d
7 changed files with 22 additions and 6 deletions
--- a/endpoints/api/user.py
+++ b/endpoints/api/user.py
@ -195,6 +195,7 @@ class User(ApiResource):

    return user_view(user)

+  @show_if(features.USER_CREATION)
  @nickname('createNewUser')
  @parse_args
  @query_param('inviteCode', 'Invitation code given for creating the user.', type=str,
--- a/endpoints/callbacks.py
+++ b/endpoints/callbacks.py
@ -26,7 +26,8 @@ def render_ologin_error(service_name,
                        error_message='Could not load user data. The token may have expired.'):
  return render_page_template('ologinerror.html', service_name=service_name,
                              error_message=error_message,
-                              service_url=get_app_url())
+                              service_url=get_app_url(),
+                              user_creation=features.USER_CREATION)

 def exchange_code_for_token(code, service_name='GITHUB', for_login=True, form_encode=False,
                            redirect_suffix=''):
@ -85,7 +86,12 @@ def get_google_user(token):
 def conduct_oauth_login(service_name, user_id, username, email, metadata={}):
  to_login = model.verify_federated_login(service_name.lower(), user_id)
  if not to_login:
-    # try to create the user
+    # See if we can create a new user.
+    if not features.USER_CREATION:
+      error_message = 'User creation is disabled. Please contact your administrator'
+      return render_ologin_error(service_name, error_message)
+
+    # Try to create the user
    try:
      valid = next(generate_valid_usernames(username))
      to_login = model.create_federated_user(valid, email, service_name.lower(),
@ -147,7 +153,7 @@ def github_oauth_callback():

  token = exchange_code_for_token(request.args.get('code'), service_name='GITHUB')
  user_data = get_github_user(token)
-  if not user_data:
+  if not user_data or not 'login' in user_data:
    return render_ologin_error('GitHub')

  username = user_data['login']
--- a/endpoints/index.py
+++ b/endpoints/index.py
@ -19,6 +19,7 @@ from auth.permissions import (ModifyRepositoryPermission, UserAdminPermission,
 from util.http import abort
 from endpoints.notificationhelper import spawn_notification

+import features

 logger = logging.getLogger(__name__)
 profile = logging.getLogger('application.profiler')
@ -65,6 +66,9 @@ def generate_headers(role='read'):
@index.route('/users', methods=['POST'])
@index.route('/users/', methods=['POST'])
 def create_user():
+  if not features.USER_CREATION:
+    abort(400, 'User creation is disabled. Please speak to your administrator.')
+
  user_data = request.get_json()
  if not 'username' in user_data:
    abort(400, 'Missing username')