diff options
| -rw-r--r-- | CHANGELOG.md | 1 | ||||
| -rw-r--r-- | conf/general.yml-example | 4 | ||||
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Auth.pm | 20 | ||||
| -rw-r--r-- | t/app/controller/auth.t | 93 | ||||
| -rw-r--r-- | templates/web/base/auth/token.html | 10 |
5 files changed, 124 insertions, 4 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index b4d296cee..f7703fea4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ - Extra fields can be added to report form site-wide. #1743 - Body users can filter reports by all states. #1790 - `LOGIN_REQUIRED` config key to limit site access to logged-in users. + - `SIGNUPS_DISABLED` config key to prevent new user registrations. - Front end improvements: - Always show pagination figures even if only one page. #1787 - Report pages list every update to a report. #1806 diff --git a/conf/general.yml-example b/conf/general.yml-example index 70bfd48d2..345a6426d 100644 --- a/conf/general.yml-example +++ b/conf/general.yml-example @@ -207,3 +207,7 @@ MESSAGE_MANAGER_URL: '' # If you want to hide all pages from non-logged-in users, set this to 1. LOGIN_REQUIRED: 0 + +# If you want to stop new users from registering, set this to 1. +# NB: This also disables all Facebook/Twitter logins. +SIGNUPS_DISABLED: 0 diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm index 83fb0554c..825066026 100644 --- a/perllib/FixMyStreet/App/Controller/Auth.pm +++ b/perllib/FixMyStreet/App/Controller/Auth.pm @@ -128,6 +128,18 @@ sub email_sign_in : Private { return; } + # If user registration is disabled then bail out at this point + # if there's not already a user with this email address. + # NB this uses the same template as a successful sign in to stop + # enumeration of valid email addresses. + if ( FixMyStreet->config('SIGNUPS_DISABLED') + && !$c->model('DB::User')->search({ email => $good_email })->count + && !$c->stash->{current_user} # don't break the change email flow + ) { + $c->stash->{template} = 'auth/token.html'; + return; + } + my $user_params = {}; $user_params->{password} = $c->get_param('password_register') if $c->get_param('password_register'); @@ -199,6 +211,10 @@ sub token : Path('/M') : Args(1) { my $user = $c->model('DB::User')->find_or_new({ email => $data->{email} }); + # Bail out if this is a new user and SIGNUPS_DISABLED is set + $c->detach( '/page_error_403_access_denied', [] ) + if FixMyStreet->config('SIGNUPS_DISABLED') && !$user->in_storage && !$data->{old_email}; + if ($data->{old_email}) { # Were logged in as old_email, want to switch to email ($user) if ($user->in_storage) { @@ -244,6 +260,8 @@ sub fb : Private { sub facebook_sign_in : Private { my ( $self, $c ) = @_; + $c->detach( '/page_error_403_access_denied', [] ) if FixMyStreet->config('SIGNUPS_DISABLED'); + my $fb = $c->forward('/auth/fb'); my $url = $fb->get_authorization_url(scope => ['email']); @@ -302,6 +320,8 @@ sub tw : Private { sub twitter_sign_in : Private { my ( $self, $c ) = @_; + $c->detach( '/page_error_403_access_denied', [] ) if FixMyStreet->config('SIGNUPS_DISABLED'); + my $twitter = $c->forward('/auth/tw'); my $url = $twitter->get_authentication_url(callback => $c->uri_for('/auth/Twitter')); diff --git a/t/app/controller/auth.t b/t/app/controller/auth.t index 388216a1f..cb7d16969 100644 --- a/t/app/controller/auth.t +++ b/t/app/controller/auth.t @@ -5,6 +5,7 @@ my $mech = FixMyStreet::TestMech->new; my $test_email = 'test@example.com'; my $test_email2 = 'test@example.net'; +my $test_email3 = 'newuser@example.org'; my $test_password = 'foobar'; END { @@ -279,6 +280,94 @@ subtest "sign in but have email form autofilled" => sub { is $mech->uri->path, '/my', "redirected to correct page"; }; +$mech->log_out_ok; -# more test: -# TODO: test that email are always lowercased +subtest "sign in with uppercase email" => sub { + $mech->get_ok('/auth'); + my $uc_test_email = uc $test_email; + $mech->submit_form_ok( + { + form_name => 'general_auth', + fields => { + email => $uc_test_email, + password_sign_in => $test_password, + }, + button => 'sign_in', + }, + "sign in with '$uc_test_email' and auto-completed name" + ); + is $mech->uri->path, '/my', "redirected to correct page"; + + $mech->content_contains($test_email); + $mech->content_lacks($uc_test_email); + + my $count = FixMyStreet::App->model('DB::User')->search( { email => $uc_test_email } )->count; + is $count, 0, "uppercase user wasn't created"; +}; + + +FixMyStreet::override_config { + SIGNUPS_DISABLED => 1, +}, sub { + subtest 'signing in with an unknown email address disallowed' => sub { + $mech->log_out_ok; + # create a new account + $mech->clear_emails_ok; + $mech->get_ok('/auth'); + $mech->submit_form_ok( + { + form_name => 'general_auth', + fields => { email => $test_email3, }, + button => 'email_sign_in', + }, + "create a new account" + ); + + ok $mech->email_count_is(0); + + my $count = FixMyStreet::App->model('DB::User')->search( { email => $test_email3 } )->count; + is $count, 0, "no user exists"; + }; + + subtest 'signing in as known email address with new password is allowed' => sub { + my $new_password = "myshinynewpassword"; + + $mech->clear_emails_ok; + $mech->get_ok('/auth'); + $mech->submit_form_ok( + { + form_name => 'general_auth', + fields => { + email => "$test_email", + password_register => $new_password, + r => 'faq', # Just as a test + }, + button => 'email_sign_in', + }, + "email_sign_in with '$test_email'" + ); + + $mech->not_logged_in_ok; + + ok $mech->email_count_is(1); + my $link = $mech->get_link_from_email; + $mech->get_ok($link); + is $mech->uri->path, '/faq', "redirected to the Help page"; + + $mech->log_out_ok; + + $mech->get_ok('/auth'); + $mech->submit_form_ok( + { + form_name => 'general_auth', + fields => { + email => $test_email, + password_sign_in => $new_password, + }, + button => 'sign_in', + }, + "sign in with '$test_email' and new password" + ); + is $mech->uri->path, '/my', "redirected to correct page"; + }; +}; diff --git a/templates/web/base/auth/token.html b/templates/web/base/auth/token.html index a4dedcec3..9a79a5e67 100644 --- a/templates/web/base/auth/token.html +++ b/templates/web/base/auth/token.html @@ -14,8 +14,14 @@ <div class="confirmation-header confirmation-header--inbox"> - <h1>[% loc("Nearly done! Now check your email…") %]</h1> - <p>[% loc("Click the link in our confirmation email to sign in.") %]</p> + [% IF c.config.SIGNUPS_DISABLED %] + <h1>[% loc("Nearly done!") %]</h1> + <p>[% loc("If there's a user associated with the address you entered, we've sent a confirmation email.") %]</p> + <p>[% loc("Click the link in that email to sign in.") %]</p> + [% ELSE %] + <h1>[% loc("Nearly done! Now check your email…") %]</h1> + <p>[% loc("Click the link in our confirmation email to sign in.") %]</p> + [% END %] <p> [% loc("Can’t find our email? Check your spam folder – that’s the solution 99% of the time.") %] |