From a9066d5444fd3f98886ab8f1af2ed227be0347d2 Mon Sep 17 00:00:00 2001 From: Ihsan Ullah Date: Thu, 1 Feb 2024 16:00:23 +0500 Subject: [PATCH 1/2] added env option to disable and enable regular signin and sign up --- .env_sample | 6 ++++++ src/apps/profiles/urls_accounts.py | 4 ---- src/apps/profiles/views.py | 6 ++++++ src/settings/base.py | 7 +++++++ src/templates/base.html | 4 +++- src/templates/registration/login.html | 6 +++++- src/utils/context_processors.py | 2 ++ 7 files changed, 29 insertions(+), 6 deletions(-) diff --git a/.env_sample b/.env_sample index b39a83de8..b13fe50a4 100644 --- a/.env_sample +++ b/.env_sample @@ -70,6 +70,12 @@ AWS_QUERYSTRING_AUTH=False # ----------------------------------------------------------------------------- RERUN_SUBMISSION_LIMIT=30 + # ----------------------------------------------------------------------------- + # Enable or disbale regular email sign-in an sign-up + # ----------------------------------------------------------------------------- + ENABLE_SIGN_UP=True + ENABLE_SIGN_IN=True + # # S3 storage example # STORAGE_TYPE=s3 diff --git a/src/apps/profiles/urls_accounts.py b/src/apps/profiles/urls_accounts.py index 03acf8254..779292962 100644 --- a/src/apps/profiles/urls_accounts.py +++ b/src/apps/profiles/urls_accounts.py @@ -8,10 +8,6 @@ urlpatterns = [ url(r'^signup', views.sign_up, name="signup"), path('login/', views.log_in, name='login'), - # url(r'^user_profile', views.user_profile, name="user_profile"), - # path('login/', auth_views.LoginView.as_view(extra_context=extra_context), name='login'), - # path('login/', views.LoginView.as_view(), name='login'), - # path('logout/', auth_views.LogoutView.as_view(), name='logout'), path('logout/', views.LogoutView.as_view(), name='logout'), path('password_reset/', views.CustomPasswordResetView.as_view(), name='password_reset'), path('password_reset/done/', auth_views.PasswordResetDoneView.as_view(), name='password_reset_done'), 
diff --git a/src/apps/profiles/views.py b/src/apps/profiles/views.py index 33ab6235d..3b6b22169 100644 --- a/src/apps/profiles/views.py +++ b/src/apps/profiles/views.py @@ -104,6 +104,12 @@ def activateEmail(request, user, to_email): def sign_up(request): + + # If sign up is not enabled then redirect to login + # this is for security as some users may access sign up page using the url + if not settings.ENABLE_SIGN_UP: + return redirect('accounts:login') + context = {} context['chahub_signup_url'] = "{}/profiles/signup?next={}/social/login/chahub".format( settings.SOCIAL_AUTH_CHAHUB_BASE_URL, diff --git a/src/settings/base.py b/src/settings/base.py index d5047db82..b8d133a05 100644 --- a/src/settings/base.py +++ b/src/settings/base.py @@ -469,3 +469,10 @@ # on default queue when number of submissions are < RERUN_SUBMISSION_LIMIT # ============================================================================= RERUN_SUBMISSION_LIMIT = os.environ.get('RERUN_SUBMISSION_LIMIT', 30) + + +# ============================================================================= +# Enable or disbale regular email sign-in an sign-up +# ============================================================================= +ENABLE_SIGN_UP = os.environ.get('ENABLE_SIGN_UP', 'True').lower() == 'true' +ENABLE_SIGN_IN = os.environ.get('ENABLE_SIGN_IN', 'True').lower() == 'true' diff --git a/src/templates/base.html b/src/templates/base.html index 87ef997ed..fd54b5ab6 100644 --- a/src/templates/base.html +++ b/src/templates/base.html @@ -177,7 +177,9 @@ {% else %} Login - Sign-up + {% if ENABLE_SIGN_UP %} + Sign-up + {% endif %} {% endif %} diff --git a/src/templates/registration/login.html b/src/templates/registration/login.html index 55d8f10cf..9ffe94320 100644 --- a/src/templates/registration/login.html +++ b/src/templates/registration/login.html @@ -6,6 +6,7 @@
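Review bot: ENABLE_SIGN_IN gets no server-side check to match the ENABLE_SIGN_UP guard added at the top of `sign_up`. This series changes views.py only inside `sign_up`, so `log_in` is untouched and the flag is enforced solely by the `{% if ENABLE_SIGN_IN %}` wrapper in registration/login.html. Hiding the form does not stop a credential POST sent straight to the `login/` route, which `log_in` would presumably still authenticate; the reason the new comment gives for sign-up (users reaching the page by URL) applies equally here. A guard such as `if request.method == 'POST' and not settings.ENABLE_SIGN_IN: return redirect('accounts:login')` at the top of `log_in` would close that gap, and the `password_reset/` route still registered in urls_accounts.py needs the same decision. The bodies of `sign_up` and `log_in` lie outside this hunk, so confirm against the full views.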
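Review bot: The parse `os.environ.get('ENABLE_SIGN_IN', 'True').lower() == 'true'` treats every value other than the exact string `true` as disabled. A deployment that sets `ENABLE_SIGN_IN=1` or `yes`, or leaves stray whitespace in the value, therefore silently turns password login off, while an unset variable leaves it on. Stripping the value and accepting a small documented set, for example `os.environ.get('ENABLE_SIGN_IN', 'True').strip().lower() in ('true', '1', 'yes')`, avoids an accidental lock-out, and the same applies to ENABLE_SIGN_UP. The header comment here and in .env_sample has two typos and should read `# Enable or disable regular email sign-in and sign-up`, ideally followed by the accepted values.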

Login

+ {% if ENABLE_SIGN_IN %}
{% csrf_token %} @@ -52,11 +53,14 @@

-

New to us? Sign Up

+ {% if ENABLE_SIGN_UP %} +

Don't have an account? Sign Up

+ {% endif %}

Forgot your password?

+ {% endif %} {% endblock %} \ No newline at end of file diff --git a/src/utils/context_processors.py b/src/utils/context_processors.py index 4b6d77fab..dd49ccbbb 100644 --- a/src/utils/context_processors.py +++ b/src/utils/context_processors.py @@ -23,4 +23,6 @@ def common_settings(request): 'USER_JSON_DATA': json.dumps(user_json_data), 'RABBITMQ_MANAGEMENT_URL': f"http://{settings.DOMAIN_NAME}:{settings.RABBITMQ_MANAGEMENT_PORT}", 'FLOWER_URL': f"http://{settings.DOMAIN_NAME}:{settings.FLOWER_PUBLIC_PORT}", + 'ENABLE_SIGN_UP': settings.ENABLE_SIGN_UP, + 'ENABLE_SIGN_IN': settings.ENABLE_SIGN_IN, } From f1dd8aeda078902b6f88564ed6e5355000f2139d Mon Sep 17 00:00:00 2001 From: Ihsan Ullah Date: Sat, 3 Feb 2024 12:50:25 +0500 Subject: [PATCH 2/2] login html hide `login` title when sign in not enabled --- src/templates/registration/login.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/templates/registration/login.html b/src/templates/registration/login.html index 9ffe94320..2f1372819 100644 --- a/src/templates/registration/login.html +++ b/src/templates/registration/login.html @@ -3,10 +3,10 @@ {% block content %}
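Review bot: The `{% if ENABLE_SIGN_UP %}` block sits inside the `{% if ENABLE_SIGN_IN %}` block that this hunk closes after the "Forgot your password?" link, so with ENABLE_SIGN_IN off and ENABLE_SIGN_UP on the login page shows no Sign Up link. With both flags off, the redirect from `sign_up` to `accounts:login` lands on a page where everything in this block is hidden and nothing tells the user why. An `{% else %}` branch with a short message would make the disabled state explicit, and closing the ENABLE_SIGN_IN block before the ENABLE_SIGN_UP block would keep the two flags independent. The markup around these tags is not visible in this rendering, so the exact placement needs checking against the template.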
+ {% if ENABLE_SIGN_IN %}

Login

- {% if ENABLE_SIGN_IN %}
{% csrf_token %} @@ -63,4 +63,4 @@

{% endif %}
-{% endblock %} \ No newline at end of file +{% endblock %}