Enforce signups_allowed=False (#26)

8 files changed, 77 insertions, 2 deletions

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 98148fd..940fbbc 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -35,4 +35,4 @@ repos:
     rev: v0.982
     hooks:
       - id: mypy
-        additional_dependencies: [types-pyopenssl, types-bleach]
+        additional_dependencies: [types-pyopenssl, types-bleach, types-mock]
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 8879356..6be4cd3 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -3,6 +3,7 @@ pre-commit~=2.20.0
 black==22.10.0
 flake8==5.0.4
 isort==5.10.1
+mock~=4.0.3
 pre-commit~=2.20.0
 pytest-django~=4.5.2
 pytest-httpx~=0.21
diff --git a/templates/auth/signup.html b/templates/auth/signup.html
index b1aaa50..7924c0a 100644
--- a/templates/auth/signup.html
+++ b/templates/auth/signup.html
@@ -7,13 +7,24 @@
         {% csrf_token %}
         <fieldset>
             <legend>Create An Account</legend>
-            {{ config.signup_text|safe|linebreaks }}
+            {% if config.signup_text %}{{ config.signup_text|safe|linebreaks }}{% endif %}
+            {% if config.signup_allowed %}
             {% for field in form %}
                 {% include "forms/_field.html" %}
             {% endfor %}
+            {% else %}
+                {% if not config.signup_text %}
+                <p>Not accepting new users at this time</p>
+                {% endif %}
+            {% endif %}
+
         </fieldset>
+
+        {% if config.signup_allowed %}
         <div class="buttons">
             <button>Create</button>
         </div>
+        {% endif %}
+
     </form>
 {% endblock %}
diff --git a/users/tests/models/__init__.py b/users/tests/models/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/users/tests/models/__init__.py
diff --git a/users/tests/test_identity.py b/users/tests/models/test_identity.py
index 868894a..868894a 100644
--- a/users/tests/test_identity.py
+++ b/users/tests/models/test_identity.py
diff --git a/users/tests/views/__init__.py b/users/tests/views/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/users/tests/views/__init__.py
diff --git a/users/tests/views/test_auth.py b/users/tests/views/test_auth.py
new file mode 100644
index 0000000..22e1fb6
--- /dev/null
+++ b/users/tests/views/test_auth.py
@@ -0,0 +1,59 @@
+import mock
+import pytest
+
+from core.models import Config
+from users.models import User
+
+
+@pytest.fixture
+def config_system():
+    # TODO: Good enough for now, but a better Config mocking system is needed
+    result = Config.load_system()
+    with mock.patch("core.models.Config.load_system", return_value=result):
+        yield result
+
+
+@pytest.mark.django_db
+def test_signup_disabled(client, config_system):
+    # Signup disabled and no signup text
+    config_system.signup_allowed = False
+    resp = client.get("/auth/signup/")
+    assert resp.status_code == 200
+    content = str(resp.content)
+    assert "Not accepting new users at this time" in content
+    assert "<button>Create</button>" not in content
+
+    # Signup disabled with signup text configured
+    config_system.signup_text = "Go away!!!!!!"
+    resp = client.get("/auth/signup/")
+    assert resp.status_code == 200
+    content = str(resp.content)
+    assert "Go away!!!!!!" in content
+
+    # Ensure direct POST doesn't side step guard
+    resp = client.post(
+        "/auth/signup/", data={"email": "test_signup_disabled@example.org"}
+    )
+    assert resp.status_code == 200
+    assert not User.objects.filter(email="test_signup_disabled@example.org").exists()
+
+    # Signup enabled
+    config_system.signup_allowed = True
+    resp = client.get("/auth/signup/")
+    assert resp.status_code == 200
+    content = str(resp.content)
+    assert "Not accepting new users at this time" not in content
+    assert "<button>Create</button>" in content
+
+
+@pytest.mark.django_db
+def test_signup_invite_only(client, config_system):
+    config_system.signup_allowed = True
+    config_system.signup_invite_only = True
+
+    resp = client.get("/auth/signup/")
+    assert resp.status_code == 200
+    content = str(resp.content)
+    assert 'name="invite_code"' in content
+
+    # TODO: Actually test this
diff --git a/users/views/auth.py b/users/views/auth.py
index 2257ea5..61e9a29 100644
--- a/users/views/auth.py
+++ b/users/views/auth.py
@@ -49,6 +49,10 @@ class Signup(FormView):
                 raise forms.ValidationError("That is not a valid invite code")
             return invite_code
 
+        def clean(self):
+            if not Config.system.signup_allowed:
+                raise forms.ValidationError("Not accepting new users at this time")
+
     def form_valid(self, form):
         user = User.objects.create(email=form.cleaned_data["email"])
         # Auto-promote the user to admin if that setting is set