Skip to content

Commit

Permalink
Merge pull request #592 from jbernal0019/master
Browse files Browse the repository at this point in the history 
Disable user acct creation endpoint post if DISABLE_USER_ACCOUNT_CREATION variable is set to True
  • Loading branch information
@jbernal0019
jbernal0019 authored Nov 5, 2024
2 parents 2912c32 + e873e3f commit 3e15a1b
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 1 deletion.
5 changes: 5 additions & 0 deletions chris_backend/config/settings/local.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -155,6 +155,7 @@

COMPUTE_RESOURCE_URL = 'http://pfcon.remote:30005/api/v1/'


# corsheaders
# ------------------------------------------------------------------------------
CORS_ALLOW_ALL_ORIGINS = True
Expand Down Expand Up @@ -204,3 +205,7 @@
'users.models.CustomLDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)


# Setting to enable/disable user creation through an API endpoint
DISABLE_USER_ACCOUNT_CREATION = False
4 changes: 4 additions & 0 deletions chris_backend/config/settings/production.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -181,3 +181,7 @@ def get_secret(setting, secret_type=env):
'users.models.CustomLDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)


# ENABLE/DISABLE USER CREATION THROUGH AN API ENDPOINT
DISABLE_USER_ACCOUNT_CREATION = get_secret('DISABLE_USER_ACCOUNT_CREATION', env.bool)
8 changes: 7 additions & 1 deletion chris_backend/users/views.py
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@

from django.contrib.auth.models import User, Group
from django.shortcuts import get_object_or_404
from django.conf import settings
from rest_framework import generics, permissions, serializers
from rest_framework.reverse import reverse
from rest_framework.response import Response
Expand All @@ -13,7 +14,8 @@


class UserCreate(generics.ListCreateAPIView):
http_method_names = ['get', 'post']
http_method_names = ['get'] if settings.DISABLE_USER_ACCOUNT_CREATION else ['get',
'post']
queryset = User.objects.all()
serializer_class = UserSerializer

Expand All @@ -22,6 +24,10 @@ def list(self, request, *args, **kwargs):
Overriden to append a collection+json write template.
"""
response = services.get_list_response(self, [])

if settings.DISABLE_USER_ACCOUNT_CREATION:
return response

template_data = {"username": "", "password": "", "email": ""}
return services.append_collection_template(response, template_data)

Expand Down

0 comments on commit 3e15a1b

Please sign in to comment.