monicahq · davpsh · Apr 22, 2024 · May 2, 2024 · May 4, 2024 · May 4, 2024
diff --git a/.env.example b/.env.example
@@ -26,6 +26,10 @@ APP_DEBUG=true
 # The URL of your application.
 APP_URL=http://localhost:8000
 
+# Ability to disable signups on your instance.
+# Can be true or false. Default to false.
+APP_DISABLE_SIGNUP=false
+
 # Database to store information
 # The documentation is here: https://laravel.com/docs/10.x/database
 # You can also see the different values you can use in config/database.php

diff --git a/app/Helpers/SignupHelper.php b/app/Helpers/SignupHelper.php
@@ -0,0 +1,33 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Helpers;
+
+use App\Models\Account;
+use Illuminate\Contracts\Config\Repository as ConfigRepository;
+
+class SignupHelper
+{
+ protected ConfigRepository $configRepository;
+
+ public function __construct(ConfigRepository $configRepository)
+ {
+ $this->configRepository = $configRepository;
+ }
+
+ public function isEnabled(): bool
+ {
+ return !($this->isDisabledByConfig() && $this->hasAtLeastOneAccount());
+ }
+
+ protected function isDisabledByConfig(): bool
+ {
+ return (bool) $this->configRepository->get('monica.disable_signup');
+ }
+
+ protected function hasAtLeastOneAccount(): bool
+ {
+ return !empty(Account::first());
+ }
+}
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
@@ -2,6 +2,7 @@
 
 namespace App\Http\Controllers\Auth;
 
+use App\Helpers\SignupHelper;
 use App\Helpers\WallpaperHelper;
 use App\Http\Controllers\Controller;
 use App\Models\User;
@@ -14,6 +15,13 @@
 
 class LoginController extends Controller
 {
+ protected SignupHelper $signupHelper;
+
+ public function __construct(SignupHelper $signupHelper)
+ {
+ $this->signupHelper = $signupHelper;
+ }
+
  /**
  * Display the login view.
  */
@@ -40,6 +48,7 @@ public function __invoke(Request $request): Response
  }
 
  return Inertia::render('Auth/Login', $data + [
+ 'isSignupEnabled' => $this->signupHelper->isEnabled(),
  'canResetPassword' => Route::has('password.request'),
  'status' => session('status'),
  'wallpaperUrl' => WallpaperHelper::getRandomWallpaper(),

diff --git a/app/Http/Middleware/EnsureSignupIsEnabled.php b/app/Http/Middleware/EnsureSignupIsEnabled.php
@@ -0,0 +1,32 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Middleware;
+
+use App\Helpers\SignupHelper;
+use Closure;
+use Illuminate\Contracts\Translation\Translator;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class EnsureSignupIsEnabled
+{
+ protected SignupHelper $signupHelper;
+ protected Translator $translator;
+
+ public function __construct(SignupHelper $signupHelper, Translator $translator)
+ {
+ $this->signupHelper = $signupHelper;
+ $this->translator = $translator;
+ }
+
+ public function handle(Request $request, Closure $next): Response
+ {
+ if (!$this->signupHelper->isEnabled()) {
+ abort(Response::HTTP_FORBIDDEN, $this->translator->get('auth.signup_disabled'));
+ }
+
+ return $next($request);
+ }
+}
diff --git a/app/Providers/FortifyServiceProvider.php b/app/Providers/FortifyServiceProvider.php
@@ -11,9 +11,11 @@
 use Illuminate\Cache\RateLimiting\Limit;
 use Illuminate\Contracts\Auth\StatefulGuard;
 use Illuminate\Http\Request;
+use Illuminate\Routing\Router;
 use Illuminate\Support\Facades\RateLimiter;
 use Illuminate\Support\ServiceProvider;
 use Laravel\Fortify\Fortify;
+use Laravel\Fortify\Http\Controllers\RegisteredUserController;
 
 class FortifyServiceProvider extends ServiceProvider
 {
@@ -34,7 +36,11 @@ public function register()
  */
  public function boot()
  {
- Fortify::loginView(fn ($request) => (new LoginController())($request));
+ $this->patchRoutes();
+
+ $loginController = $this->app->make(LoginController::class);
+
+ Fortify::loginView(fn ($request) => $loginController($request));
  Fortify::confirmPasswordsUsing(fn ($user, ?string $password = null) => $user->password
  ? app(StatefulGuard::class)->validate([
  'email' => $user->email,
@@ -57,4 +63,19 @@ public function boot()
 
  RateLimiter::for('two-factor', fn (Request $request) => Limit::perMinute(5)->by($request->session()->get('login.id')));
  }
+
+ protected function patchRoutes(): void
+ {
+ if ($this->app->routesAreCached()) {
+ return;
+ }
+
+ $router = $this->app->make(Router::class);
+ $routes = $router->getRoutes();
+ collect(['create', 'store'])->each(function ($method) use ($routes) {
+ if ($route = $routes->getByAction(RegisteredUserController::class . '@' . $method)) {
+ $route->middleware('monica.signup_is_enabled');
+ }
+ });
+ }
 }
diff --git a/bootstrap/app.php b/bootstrap/app.php
@@ -1,5 +1,6 @@
 <?php
 
+use App\Http\Middleware\EnsureSignupIsEnabled;
 use Illuminate\Foundation\Application;
 use Illuminate\Foundation\Configuration\Exceptions;
 use Illuminate\Foundation\Configuration\Middleware;
@@ -26,6 +27,7 @@
  'abilities' => CheckAbilities::class,
  'ability' => CheckForAnyAbility::class,
  'webauthn' => WebauthnMiddleware::class,
+ 'monica.signup_is_enabled' => EnsureSignupIsEnabled::class,
  ]);
  $middleware->web(remove: [
  \Illuminate\Routing\Middleware\SubstituteBindings::class,

diff --git a/config/monica.php b/config/monica.php
@@ -13,6 +13,16 @@
 
  'app_version' => readVersion(__DIR__.'/.version', 'git describe --abbrev=0 --tags', '0.0.0'),
 
+ /*
+ |--------------------------------------------------------------------------
+ | Disable User registration
+ |--------------------------------------------------------------------------
+ |
+ | Disables registration of new users
+ |
+ */
+ 'disable_signup' => env('APP_DISABLE_SIGNUP', false),
+
  /*
  |--------------------------------------------------------------------------
  | Commit hash of the application

diff --git a/lang/en/auth.php b/lang/en/auth.php
@@ -4,6 +4,7 @@
 
 return [
  'failed' => 'These credentials do not match our records.',
+ 'signup_disabled' => 'Registration is currently disabled',
  'lang' => 'English',
  'login_provider_azure' => 'Microsoft',
  'login_provider_facebook' => 'Facebook',

diff --git a/phpunit.xml b/phpunit.xml
@@ -8,6 +8,7 @@
  <testsuite name="Unit">
  <directory suffix="Test.php">./tests/Feature</directory>
  <directory suffix="Test.php">./tests/Unit</directory>
+ <directory suffix="Test.php">./tests/PHPUnit</directory>
  </testsuite>
  </testsuites>
  <coverage/>

diff --git a/resources/js/Pages/Auth/Login.vue b/resources/js/Pages/Auth/Login.vue
@@ -11,6 +11,7 @@ import WebauthnLogin from '@/Pages/Webauthn/WebauthnLogin.vue';
 import AuthenticationCardLogo from '@/Components/AuthenticationCardLogo.vue';
 
 const props = defineProps({
+ isSignupEnabled: Boolean,
  canResetPassword: Boolean,
  status: String,
  wallpaperUrl: String,
@@ -195,7 +196,7 @@ const reload = () => {
  </form>
  </div>
 
- <div class="px-6 py-6 text-sm dark:text-gray-50">
+ <div v-if="isSignupEnabled" class="px-6 py-6 text-sm dark:text-gray-50">
  {{ $t('New to Monica?') }}
  <Link :href="route('register')" class="text-blue-500 hover:underline">
  {{ $t('Create an account') }}

diff --git a/tests/Feature/Auth/RegistrationTest.php b/tests/Feature/Auth/RegistrationTest.php
@@ -1,47 +1,67 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Feature\Auth;
 
+use App\Helpers\SignupHelper;
 use Illuminate\Foundation\Testing\DatabaseTransactions;
-use Laravel\Fortify\Features;
+use Illuminate\Http\Response;
 use Laravel\Jetstream\Jetstream;
-use PHPUnit\Framework\Attributes\Test;
+use Mockery;
 use Tests\TestCase;
 
 class RegistrationTest extends TestCase
 {
  use DatabaseTransactions;
 
- #[Test]
- public function registration_screen_can_be_rendered()
+ public function testAccessToRegistrationPage(): void
  {
  $this->withoutVite();
 
- if (! Features::enabled(Features::registration())) {
- return $this->markTestSkipped('Registration support is not enabled.');
- }
+ $isSignupEnabled = null;
+ $this->app->bind(SignupHelper::class, function () use (&$isSignupEnabled) {
+ $mock = Mockery::mock(SignupHelper::class)->makePartial();
+ $mock->shouldReceive('isEnabled')->andReturn($isSignupEnabled);
+ return $mock;
+ });
 
+ $isSignupEnabled = true;
  $response = $this->get('/register');
+ $response->assertStatus(Response::HTTP_OK);
 
- $response->assertStatus(200);
+ $isSignupEnabled = false;
+ $response = $this->get('/register');
+ $response->assertStatus(Response::HTTP_FORBIDDEN);
+ $response->assertSeeText('Registration is currently disabled');
  }
 
- #[Test]
- public function new_users_can_register()
+ public function testRegistration(): void
  {
- if (! Features::enabled(Features::registration())) {
- return $this->markTestSkipped('Registration support is not enabled.');
- }
+ $isSignupEnabled = null;
+ $this->app->bind(SignupHelper::class, function () use (&$isSignupEnabled) {
+ $mock = Mockery::mock(SignupHelper::class)->makePartial();
+ $mock->shouldReceive('isEnabled')->andReturn($isSignupEnabled);
+ return $mock;
+ });
 
- $response = $this->post('/register', [
+ $data = [
  'first_name' => 'Test',
  'last_name' => 'User',
  'email' => '[email protected]',
  'password' => 'Password$123',
  'password_confirmation' => 'Password$123',
  'terms' => Jetstream::hasTermsAndPrivacyPolicyFeature(),
- ]);
+ ];
+
+ $isSignupEnabled = false;
+ $response = $this->post('/register', $data);
+ $response->assertStatus(Response::HTTP_FORBIDDEN);
+ $response->assertSeeText('Registration is currently disabled');
 
+ $isSignupEnabled = true;
+ $response = $this->post('/register', $data);
+ $response->assertStatus(Response::HTTP_OK);
  $this->assertAuthenticated();
  $response->assertRedirect('/vaults');
  }

diff --git a/tests/PHPUnit/Helpers/SignupHelperTest.php b/tests/PHPUnit/Helpers/SignupHelperTest.php
@@ -0,0 +1,53 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tests\PHPUnit\Helpers;
+
+use App\Helpers\SignupHelper;
+use Illuminate\Contracts\Config\Repository as ConfigRepository;
+use Mockery;
+use Mockery\Adapter\Phpunit\MockeryPHPUnitIntegration;
+use PHPUnit\Framework\Attributes\DataProvider;
+use PHPUnit\Framework\TestCase;
+
+#[CoversClass(SignupHelper::class)]
+class SignupHelperTest extends TestCase
+{
+ use MockeryPHPUnitIntegration;
+
+ #[DataProvider('isEnabledDataProvider')]
+ public function testIsEnabled(bool $isSignupDisabled, bool $hasAtLeastOneAccount, bool $expectedResult): void
+ {
+ $helper = Mockery::mock(SignupHelper::class)->shouldAllowMockingProtectedMethods()->makePartial();
+ $helper->shouldReceive('isDisabledByConfig')->andReturn($isSignupDisabled);
+ $helper->shouldReceive('hasAtLeastOneAccount')->andReturn($hasAtLeastOneAccount);
+
+ $this->assertEquals($expectedResult, $helper->isEnabled());
+ }
+
+ public function isEnabledDataProvider(): iterable
+ {
+ // $isSignupDisabled, $hasAtLeastOneAccount, $expectedResult
+ return [
+ [true, true, false],
+ [true, false, true],
+ [false, true, true],
+ [false, false, true],
+ ];
+ }
+
+ public function testIsDisabledByConfig(): void
+ {
+ $configRepository = Mockery::mock(ConfigRepository::class)->makePartial();
+ $configRepository->shouldReceive('get')
+ ->once()
+ ->withArgs(function ($name) {
+ return $name === 'monica.disable_signup';
+ })
+ ->andReturnTrue();
+
+ $helper = Mockery::mock(SignupHelper::class, [$configRepository])->makePartial();
+ $helper->isDisabledByConfig();
+ }
+}