diff --git a/.env.sample b/.env.sample index b4db5f3..a6d5a9b 100644 --- a/.env.sample +++ b/.env.sample @@ -53,6 +53,9 @@ DEFAULT_LANGUAGE=en # Geometric settings DEFAULT_SRID=2056 +# Registration disabled by default +REGISTRATION_ENABLED = False + # OIDC parameters OIDC_ENABLED = False OIDC_OP_BASE_URL="please set oidc op base url" diff --git a/default_settings.py b/default_settings.py index 43a786d..a81b386 100644 --- a/default_settings.py +++ b/default_settings.py @@ -282,6 +282,11 @@ }, } +FEATURE_FLAGS = { + "oidc": os.environ.get("OIDC_ENABLED", "False") == "False", + "registration": os.environ.get("REGISTRATION_ENABLED", "False") == "False", +} + AUTHENTICATION_BACKENDS = ("django.contrib.auth.backends.ModelBackend",) @@ -308,7 +313,7 @@ def discover_endpoints(discovery_url: str) -> dict: def check_oidc() -> bool: - if os.environ.get("OIDC_ENABLED", "False") == "False": + if FEATURE_FLAGS['oidc']: return False missing = [] for x in ["OIDC_RP_CLIENT_ID", "ZITADEL_PROJECT", "OIDC_OP_BASE_URL", "OIDC_PRIVATE_KEYFILE"]: @@ -318,8 +323,7 @@ def check_oidc() -> bool: raise ImproperlyConfigured(f"OIDC is enabled, but missing required parameters {missing}") return True -OIDC_ENABLED = check_oidc() -if OIDC_ENABLED: +if check_oidc(): INSTALLED_APPS.append('mozilla_django_oidc') MIDDLEWARE.append('mozilla_django_oidc.middleware.SessionRefresh') AUTHENTICATION_BACKENDS = ('oidc.PermissionBackend',) + AUTHENTICATION_BACKENDS diff --git a/urls.py b/urls.py index 232854c..52610ca 100644 --- a/urls.py +++ b/urls.py 
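Review bot: Both `FEATURE_FLAGS` entries are inverted: `os.environ.get(..., "False") == "False"` is true when the variable is unset or set to `False`, so `FEATURE_FLAGS["registration"]` is `True` by default, contrary to the `.env.sample` comment "Registration disabled by default". The `check_oidc()` hunk that follows compensates by treating a true flag as "disabled", but the last `urls.py` hunk reads the same flags as "enabled", so as written the `auth/register` routes are mounted when registration is switched off and the OIDC routes are mounted only when OIDC is switched off. Define the flags positively, e.g. `"registration": os.environ.get("REGISTRATION_ENABLED", "False") != "False",` (same for `"oidc"`), and change the guard to `if not FEATURE_FLAGS['oidc']: return False`. For the registration flag an allow-list parse such as `.strip().lower() == "true"` would fail closed, whereas with `!= "False"` a value like `false` or `0` turns the feature on.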
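Review bot: Removing the module-level `OIDC_ENABLED = check_oidc()` drops `settings.OIDC_ENABLED`, and the environment variable is now interpreted in two places, once in the `FEATURE_FLAGS` dict and once through `check_oidc()`. `urls.py` is updated in this commit, but any other module that still reads `settings.OIDC_ENABLED` (none is visible in this diff) would raise `AttributeError` at runtime. Consider a single source of truth: let `check_oidc()` read the environment as before and set `FEATURE_FLAGS["oidc"] = check_oidc()`, so the flag can only be true after the required OIDC parameters have been validated. The `if check_oidc():` block continues past the end of the hunk.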
@@ -55,7 +55,7 @@ router.register_additional_route_to_root(f'{ROOTURL}auth/current', 'auth_current_user') router.register_additional_route_to_root(f'{ROOTURL}auth/password', 'auth_password') router.register_additional_route_to_root(f'{ROOTURL}auth/password/confirm', 'auth_password_confirm') -router.register_additional_route_to_root(f'{ROOTURL}auth/register', 'auth_register') + # Wire up our API using automatic URL routing. # Additionally, we include login URLs for the browsable API. @@ -75,7 +75,6 @@ path(f'{ROOTURL}auth/verify-email/', views.VerifyEmailView.as_view(), name='auth_verify_email'), re_path(rf'^{ROOTURL}auth/account-confirm-email/(?P[-:\w]+)/$', TemplateView.as_view(), name='account_confirm_email'), - path(f'{ROOTURL}auth/register/', views.RegisterView.as_view(), name='auth_register'), path(f'{ROOTURL}extract/order/', views.ExtractOrderView.as_view(), name='extract_order'), path(f'{ROOTURL}extract/orderitem/', views.ExtractOrderItemView.as_view(), name='extract_orderitem'), re_path(rf'^{ROOTURL}extract/orderitem/(?P[0-9]+)$', 
@@ -93,11 +92,18 @@ path(f'{ROOTURL}health/', include('health_check.urls')), ] + static(settings.STATIC_URL,document_root=settings.STATIC_ROOT) + static(settings.MEDIA_URL,document_root=settings.MEDIA_ROOT) - # OIDC urls -if settings.OIDC_ENABLED: +# OIDC links if OIDC is enabled +if settings.FEATURE_FLAGS["oidc"]: urlpatterns += [ path(f'{ROOTURL}oidc/token', oidc.FrontendAuthentication.as_view(), name='oidc_validate_token'), path(f'{ROOTURL}oidc/callback', OIDCCallbackClass.as_view(), name='oidc_authentication_callback'), path(f'{ROOTURL}oidc/authenticate/', OIDCAuthenticateClass.as_view(), name='oidc_authentication_init'), path(f'{ROOTURL}oidc/logout', OIDCLogoutView.as_view(), name='oidc_logout'), ] + +# Registration links if registration is enabled +if settings.FEATURE_FLAGS["registration"]: + router.register_additional_route_to_root(f'{ROOTURL}auth/register', 'auth_register') + urlpatterns += [ + path(f'{ROOTURL}auth/register/', views.RegisterView.as_view(), name='auth_register'), + ] \ No newline at end of file
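Review bot: The two `if settings.FEATURE_FLAGS[...]` blocks run once, when `urls.py` is imported, so the set of mounted routes is fixed for the lifetime of the process and `override_settings` in a test will not add or remove `auth/register/`. A short comment above the registration block would make that explicit, e.g. `# Evaluated at import time; changing REGISTRATION_ENABLED requires a restart.`. No test is visible in this diff that pins the default: a regression test asserting that `reverse('auth_register')` raises `NoReverseMatch` and that `auth/register/` returns 404 when `REGISTRATION_ENABLED` is unset would guard the "disabled by default" contract for this endpoint.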