dynamically disable registration

Matthew Fisher · Matthew Fisher · commit deb6a14c02a0 · 2014-04-02T09:51:00.000-04:00
fixes #547
diff --git a/controller/api/tests/test_auth.py b/controller/api/tests/test_auth.py
@@ -11,6 +11,7 @@
 
 from django.conf import settings
 from django.test import TestCase
+from django.test.utils import override_settings
 
 
 class AuthTest(TestCase):
@@ -85,6 +86,22 @@ def test_auth(self):
         response = self.client.get(url)
         self.assertEqual(response.status_code, 200)
 
+    @override_settings(REGISTRATION_ENABLED=False)
+    def test_auth_registration_disabled(self):
+        """test that a new user cannot register when registration is disabled."""
+        url = '/api/auth/register'
+        submit = {
+            'username': 'testuser',
+            'password': 'password',
+            'first_name': 'test',
+            'last_name': 'user',
+            'email': 'test@user.com',
+            'is_superuser': False,
+            'is_staff': False,
+        }
+        response = self.client.post(url, json.dumps(submit), content_type='application/json')
+        self.assertEqual(response.status_code, 403)
+
     def test_cancel(self):
         """Test that a registered user can cancel her account."""
         # test registration workflow
diff --git a/controller/api/views.py b/controller/api/views.py
@@ -111,6 +111,14 @@ def has_permission(self, request, view):
         return request.method in permissions.SAFE_METHODS or request.user.is_superuser
 
 
+class HasRegistrationAuth(permissions.BasePermission):
+    """
+    Checks to see if registration is enabled
+    """
+    def has_permission(self, request, view):
+        return settings.REGISTRATION_ENABLED
+
+
 class HasBuilderAuth(permissions.BasePermission):
     """
     View permission to allow builder to perform actions
@@ -132,7 +140,7 @@ class UserRegistrationView(viewsets.GenericViewSet,
     model = User
 
     authentication_classes = (AnonymousAuthentication,)
-    permission_classes = (IsAnonymous,)
+    permission_classes = (IsAnonymous, HasRegistrationAuth)
     serializer_class = serializers.UserSerializer
 
     def post_save(self, user, created=False):
diff --git a/controller/deis/settings.py b/controller/deis/settings.py
@@ -296,6 +296,9 @@
 # default providers, typically overriden in local_settings to include ec2, etc.
 PROVIDER_MODULES = ('mock',)
 
+# check if we can register users with `deis register`
+REGISTRATION_ENABLED = True
+
 # default to sqlite3, but allow postgresql config through envvars
 DATABASES = {
     'default': {
