Hide registration behind a feature flag instead of disabling it compl…

…etely
camptocamp · Nov 21, 2024 · a4f02ab · a4f02ab
1 parent 6f80814
commit a4f02ab
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 7 deletions.
diff --git a/.env.sample b/.env.sample
@@ -53,6 +53,9 @@ DEFAULT_LANGUAGE=en
 # Geometric settings
 DEFAULT_SRID=2056
 
+# Registration disabled by default
+REGISTRATION_ENABLED = False
+
 # OIDC parameters
 OIDC_ENABLED = False
 OIDC_OP_BASE_URL="please set oidc op base url"

diff --git a/default_settings.py b/default_settings.py
@@ -282,6 +282,11 @@
     },
 }
 
+FEATURE_FLAGS = {
+    "oidc": os.environ.get("OIDC_ENABLED", "False") == "False",
+    "registration": os.environ.get("REGISTRATION_ENABLED", "False") == "False",
+}
+
 AUTHENTICATION_BACKENDS = ("django.contrib.auth.backends.ModelBackend",)
 
 
@@ -308,7 +313,7 @@ def discover_endpoints(discovery_url: str) -> dict:
 
 
 def check_oidc() -> bool:
-    if os.environ.get("OIDC_ENABLED", "False") == "False":
+    if FEATURE_FLAGS['oidc']:
         return False
     missing = []
     for x in ["OIDC_RP_CLIENT_ID", "ZITADEL_PROJECT", "OIDC_OP_BASE_URL", "OIDC_PRIVATE_KEYFILE"]:
@@ -318,8 +323,7 @@ def check_oidc() -> bool:
         raise ImproperlyConfigured(f"OIDC is enabled, but missing required parameters {missing}")
     return True
 
-OIDC_ENABLED = check_oidc()
-if OIDC_ENABLED:
+if check_oidc():
     INSTALLED_APPS.append('mozilla_django_oidc')
     MIDDLEWARE.append('mozilla_django_oidc.middleware.SessionRefresh')
     AUTHENTICATION_BACKENDS = ('oidc.PermissionBackend',) + AUTHENTICATION_BACKENDS

diff --git a/urls.py b/urls.py
@@ -55,7 +55,7 @@
 router.register_additional_route_to_root(f'{ROOTURL}auth/current', 'auth_current_user')
 router.register_additional_route_to_root(f'{ROOTURL}auth/password', 'auth_password')
 router.register_additional_route_to_root(f'{ROOTURL}auth/password/confirm', 'auth_password_confirm')
-router.register_additional_route_to_root(f'{ROOTURL}auth/register', 'auth_register')
+
 
 # Wire up our API using automatic URL routing.
 # Additionally, we include login URLs for the browsable API.
@@ -75,7 +75,6 @@
     path(f'{ROOTURL}auth/verify-email/', views.VerifyEmailView.as_view(), name='auth_verify_email'),
     re_path(rf'^{ROOTURL}auth/account-confirm-email/(?P<key>[-:\w]+)/$', TemplateView.as_view(),
             name='account_confirm_email'),
-    path(f'{ROOTURL}auth/register/', views.RegisterView.as_view(), name='auth_register'),
     path(f'{ROOTURL}extract/order/', views.ExtractOrderView.as_view(), name='extract_order'),
     path(f'{ROOTURL}extract/orderitem/', views.ExtractOrderItemView.as_view(), name='extract_orderitem'),
     re_path(rf'^{ROOTURL}extract/orderitem/(?P<pk>[0-9]+)$',
@@ -93,11 +92,18 @@
     path(f'{ROOTURL}health/', include('health_check.urls')),
 ] + static(settings.STATIC_URL,document_root=settings.STATIC_ROOT) + static(settings.MEDIA_URL,document_root=settings.MEDIA_ROOT)
 
-            # OIDC urls
-if settings.OIDC_ENABLED:
+# OIDC links if OIDC is enabled
+if settings.FEATURE_FLAGS["oidc"]:
     urlpatterns += [
         path(f'{ROOTURL}oidc/token', oidc.FrontendAuthentication.as_view(), name='oidc_validate_token'),
         path(f'{ROOTURL}oidc/callback', OIDCCallbackClass.as_view(), name='oidc_authentication_callback'),
         path(f'{ROOTURL}oidc/authenticate/', OIDCAuthenticateClass.as_view(), name='oidc_authentication_init'),
         path(f'{ROOTURL}oidc/logout', OIDCLogoutView.as_view(), name='oidc_logout'),
     ]
+
+# Registration links if registration is enabled
+if settings.FEATURE_FLAGS["registration"]:
+    router.register_additional_route_to_root(f'{ROOTURL}auth/register', 'auth_register')
+    urlpatterns += [
+        path(f'{ROOTURL}auth/register/', views.RegisterView.as_view(), name='auth_register'),
+    ]