vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add a feature flag to disable user creation

Browse source
This commit is contained in:
Joseph Schorr 2014-10-02 14:49:18 -04:00
parent 5c18ffe67d
commit c682899861
7 changed files with 22 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
config.py
View file

@ -165,6 +165,9 @@ class DefaultConfig(object):
# Feature Flag: Whether emails are enabled. # Feature Flag: Whether emails are enabled.
FEATURE_MAILING = True FEATURE_MAILING = True
# Feature Flag: Whether users can be created (by non-super users).
FEATURE_USER_CREATION = True
DISTRIBUTED_STORAGE_CONFIG = { DISTRIBUTED_STORAGE_CONFIG = {
'local_eu': ['LocalStorage', {'storage_path': 'test/data/registry/eu'}], 'local_eu': ['LocalStorage', {'storage_path': 'test/data/registry/eu'}],
'local_us': ['LocalStorage', {'storage_path': 'test/data/registry/us'}], 'local_us': ['LocalStorage', {'storage_path': 'test/data/registry/us'}],

1
endpoints/api/user.py
View file

@ -195,6 +195,7 @@ class User(ApiResource):
return user_view(user) return user_view(user)
@show_if(features.USER_CREATION)
@nickname('createNewUser') @nickname('createNewUser')
@parse_args @parse_args
@query_param('inviteCode', 'Invitation code given for creating the user.', type=str, @query_param('inviteCode', 'Invitation code given for creating the user.', type=str,

12
endpoints/callbacks.py
View file

@ -26,7 +26,8 @@ def render_ologin_error(service_name,
error_message='Could not load user data. The token may have expired.'): error_message='Could not load user data. The token may have expired.'):
return render_page_template('ologinerror.html', service_name=service_name, return render_page_template('ologinerror.html', service_name=service_name,
error_message=error_message, error_message=error_message,
service_url=get_app_url()) service_url=get_app_url(),
user_creation=features.USER_CREATION)
def exchange_code_for_token(code, service_name='GITHUB', for_login=True, form_encode=False, def exchange_code_for_token(code, service_name='GITHUB', for_login=True, form_encode=False,
redirect_suffix=''): redirect_suffix=''):
@ -85,7 +86,12 @@ def get_google_user(token):
def conduct_oauth_login(service_name, user_id, username, email, metadata={}): def conduct_oauth_login(service_name, user_id, username, email, metadata={}):
to_login = model.verify_federated_login(service_name.lower(), user_id) to_login = model.verify_federated_login(service_name.lower(), user_id)
if not to_login: if not to_login:
# try to create the user # See if we can create a new user.
if not features.USER_CREATION:
error_message = 'User creation is disabled. Please contact your administrator'
return render_ologin_error(service_name, error_message)
# Try to create the user
try: try:
valid = next(generate_valid_usernames(username)) valid = next(generate_valid_usernames(username))
to_login = model.create_federated_user(valid, email, service_name.lower(), to_login = model.create_federated_user(valid, email, service_name.lower(),
@ -147,7 +153,7 @@ def github_oauth_callback():
token = exchange_code_for_token(request.args.get('code'), service_name='GITHUB') token = exchange_code_for_token(request.args.get('code'), service_name='GITHUB')
user_data = get_github_user(token) user_data = get_github_user(token)
if not user_data: if not user_data or not 'login' in user_data:
return render_ologin_error('GitHub') return render_ologin_error('GitHub')
username = user_data['login'] username = user_data['login']

4
endpoints/index.py
View file

@ -19,6 +19,7 @@ from auth.permissions import (ModifyRepositoryPermission, UserAdminPermission,
from util.http import abort from util.http import abort
from endpoints.notificationhelper import spawn_notification from endpoints.notificationhelper import spawn_notification
import features
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
profile = logging.getLogger('application.profiler') profile = logging.getLogger('application.profiler')
@ -65,6 +66,9 @@ def generate_headers(role='read'):
@index.route('/users', methods=['POST']) @index.route('/users', methods=['POST'])
@index.route('/users/', methods=['POST']) @index.route('/users/', methods=['POST'])
def create_user(): def create_user():
if not features.USER_CREATION:
abort(400, 'User creation is disabled. Please speak to your administrator.')
user_data = request.get_json() user_data = request.get_json()
if not 'username' in user_data: if not 'username' in user_data:
abort(400, 'Missing username') abort(400, 'Missing username')

2
static/directives/signup-form.html
View file

@ -1,4 +1,4 @@
<div class="signup-form-element"> <div class="signup-form-element" quay-show="Features.USER_CREATION">
<form class="form-signup" name="signupForm" ng-submit="register()" ng-show="!awaitingConfirmation && !registering"> <form class="form-signup" name="signupForm" ng-submit="register()" ng-show="!awaitingConfirmation && !registering">
<input type="text" class="form-control" placeholder="Create a username" name="username" ng-model="newUser.username" autofocus required ng-pattern="/^[a-z0-9_]{4,30}$/"> <input type="text" class="form-control" placeholder="Create a username" name="username" ng-model="newUser.username" autofocus required ng-pattern="/^[a-z0-9_]{4,30}$/">
<input type="email" class="form-control" placeholder="Email address" ng-model="newUser.email" required> <input type="email" class="form-control" placeholder="Email address" ng-model="newUser.email" required>

2
static/directives/user-setup.html
View file

@ -14,7 +14,7 @@
</div> </div>
</div> </div>
</div> </div>
<div class="panel panel-default"> <div class="panel panel-default" quay-show="Features.USER_CREATION">
<div class="panel-heading"> <div class="panel-heading">
<h6 class="panel-title accordion-title"> <h6 class="panel-title accordion-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion" data-target="#collapseRegister"> <a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion" data-target="#collapseRegister">

4
templates/ologinerror.html
View file

@ -8,17 +8,19 @@
<div class="container"> <div class="container">
<div class="row"> <div class="row">
<div class="col-md-12"> <div class="col-md-12">
<h2>There was an error logging in with {{ service_name }}.</h2> <h2 style="margin-bottom: 20px;">There was an error logging in with {{ service_name }}.</h2>
{% if error_message %} {% if error_message %}
<div class="alert alert-danger">{{ error_message }}</div> <div class="alert alert-danger">{{ error_message }}</div>
{% endif %} {% endif %}
{% if user_creation %}
<div> <div>
Please register using the <a ng-href="{{ service_url }}/signin" target="_self">registration form</a> to continue. Please register using the <a ng-href="{{ service_url }}/signin" target="_self">registration form</a> to continue.
You will be able to connect your account to your Quay.io account You will be able to connect your account to your Quay.io account
in the user settings. in the user settings.
</div> </div>
{% endif %}
</div> </div>
</div> </div>