Enforce signups_allowed=False (#26)

5 files changed, 63 insertions, 0 deletions

diff --git a/users/tests/models/__init__.py b/users/tests/models/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/users/tests/models/__init__.py
diff --git a/users/tests/test_identity.py b/users/tests/models/test_identity.py
index 868894a..868894a 100644
--- a/users/tests/test_identity.py
+++ b/users/tests/models/test_identity.py
diff --git a/users/tests/views/__init__.py b/users/tests/views/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/users/tests/views/__init__.py
diff --git a/users/tests/views/test_auth.py b/users/tests/views/test_auth.py
new file mode 100644
index 0000000..22e1fb6
--- /dev/null
+++ b/users/tests/views/test_auth.py
@@ -0,0 +1,59 @@
+import mock
+import pytest
+
+from core.models import Config
+from users.models import User
+
+
+@pytest.fixture
+def config_system():
+    # TODO: Good enough for now, but a better Config mocking system is needed
+    result = Config.load_system()
+    with mock.patch("core.models.Config.load_system", return_value=result):
+        yield result
+
+
+@pytest.mark.django_db
+def test_signup_disabled(client, config_system):
+    # Signup disabled and no signup text
+    config_system.signup_allowed = False
+    resp = client.get("/auth/signup/")
+    assert resp.status_code == 200
+    content = str(resp.content)
+    assert "Not accepting new users at this time" in content
+    assert "<button>Create</button>" not in content
+
+    # Signup disabled with signup text configured
+    config_system.signup_text = "Go away!!!!!!"
+    resp = client.get("/auth/signup/")
+    assert resp.status_code == 200
+    content = str(resp.content)
+    assert "Go away!!!!!!" in content
+
+    # Ensure direct POST doesn't side step guard
+    resp = client.post(
+        "/auth/signup/", data={"email": "test_signup_disabled@example.org"}
+    )
+    assert resp.status_code == 200
+    assert not User.objects.filter(email="test_signup_disabled@example.org").exists()
+
+    # Signup enabled
+    config_system.signup_allowed = True
+    resp = client.get("/auth/signup/")
+    assert resp.status_code == 200
+    content = str(resp.content)
+    assert "Not accepting new users at this time" not in content
+    assert "<button>Create</button>" in content
+
+
+@pytest.mark.django_db
+def test_signup_invite_only(client, config_system):
+    config_system.signup_allowed = True
+    config_system.signup_invite_only = True
+
+    resp = client.get("/auth/signup/")
+    assert resp.status_code == 200
+    content = str(resp.content)
+    assert 'name="invite_code"' in content
+
+    # TODO: Actually test this
diff --git a/users/views/auth.py b/users/views/auth.py
index 2257ea5..61e9a29 100644
--- a/users/views/auth.py
+++ b/users/views/auth.py
@@ -49,6 +49,10 @@ class Signup(FormView):
                 raise forms.ValidationError("That is not a valid invite code")
             return invite_code
 
+        def clean(self):
+            if not Config.system.signup_allowed:
+                raise forms.ValidationError("Not accepting new users at this time")
+
     def form_valid(self, form):
         user = User.objects.create(email=form.cleaned_data["email"])
         # Auto-promote the user to admin if that setting is set