From a6f4e74aa574e4ac00eb520fff71bb53f909e0b7 Mon Sep 17 00:00:00 2001 From: NarayanBavisetti Date: Thu, 23 Nov 2023 18:35:15 +0530 Subject: [PATCH] chore: deactivation and login disabled --- apiserver/plane/app/views/authentication.py | 50 ++++++++++++++------- apiserver/plane/app/views/config.py | 10 ++--- apiserver/plane/app/views/issue.py | 1 + apiserver/plane/app/views/oauth.py | 44 +++++++++++++----- 4 files changed, 72 insertions(+), 33 deletions(-) diff --git a/apiserver/plane/app/views/authentication.py b/apiserver/plane/app/views/authentication.py index 93d381117..e315ee9c6 100644 --- a/apiserver/plane/app/views/authentication.py +++ b/apiserver/plane/app/views/authentication.py @@ -1,4 +1,5 @@ # Python imports +import os import uuid import random import string @@ -32,7 +33,8 @@ from plane.db.models import ( ) from plane.settings.redis import redis_instance from plane.bgtasks.magic_link_code_task import magic_link - +from plane.license.models import InstanceConfiguration +from plane.license.utils.instance_value import get_configuration_value def get_tokens_for_user(user): refresh = RefreshToken.for_user(user) @@ -46,7 +48,17 @@ class SignUpEndpoint(BaseAPIView): permission_classes = (AllowAny,) def post(self, request): - if not settings.ENABLE_SIGNUP: + instance_configuration = InstanceConfiguration.objects.values("key", "value") + if ( + not get_configuration_value( + instance_configuration, + "ENABLE_SIGNUP", + os.environ.get("ENABLE_SIGNUP", "0"), + ) + and not WorkspaceMemberInvite.objects.filter( + email=request.user.email + ).exists() + ): return Response( { "error": "New account creation is disabled. Please contact your site administrator" 
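Review bot: The guard added to SignUpEndpoint.post looks up invites with `email=request.user.email`, but the class is declared with `permission_classes = (AllowAny,)`, so on an unauthenticated sign-up `request.user` would normally be Django's AnonymousUser, which has no `email` attribute, and the lookup would raise instead of returning the "disabled" response. The invite check should key on the address submitted in the request body once it has been validated, not on the session user. The flag test is also truth-based: config.py compares the same helper's result with `== "1"`, which suggests it returns strings, and `not "0"` is False, so a stored or environment value of "0" would not close sign-up; `get_configuration_value(...) != "1"` would match that usage. Both patterns recur in the MagicSignInGenerateEndpoint.post hunk and in the OauthEndpoint.post hunk at `@@ -137,6 +139,30 @@`. The body of post continues outside the hunk.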
@@ -224,15 +236,9 @@ class SignInEndpoint(BaseAPIView): }, status=status.HTTP_403_FORBIDDEN, ) - if not user.is_active: - return Response( - { - "error": "Your account has been deactivated. Please contact your site administrator." - }, - status=status.HTTP_403_FORBIDDEN, - ) # settings last active for the user + user.is_active = True user.last_active = timezone.now() user.last_login_time = timezone.now() user.last_login_ip = request.META.get("REMOTE_ADDR") @@ -360,6 +366,24 @@ class MagicSignInGenerateEndpoint(BaseAPIView): def post(self, request): email = request.data.get("email", False) + instance_configuration = InstanceConfiguration.objects.values("key", "value") + if ( + not get_configuration_value( + instance_configuration, + "ENABLE_MAGIC_LINK_LOGIN", + os.environ.get("ENABLE_MAGIC_LINK_LOGIN"), + ) + and not WorkspaceMemberInvite.objects.filter( + email=request.user.email + ).exists() + ): + return Response( + { + "error": "New account creation is disabled. Please contact your site administrator" + }, + status=status.HTTP_400_BAD_REQUEST, + ) + if not email: return Response( {"error": "Please provide a valid email address"}, @@ -443,13 +467,6 @@ class MagicSignInEndpoint(BaseAPIView): if str(token) == str(user_token): if User.objects.filter(email=email).exists(): user = User.objects.get(email=email) - if not user.is_active: - return Response( - { - "error": "Your account has been deactivated. Please contact your site administrator." - }, - status=status.HTTP_403_FORBIDDEN, - ) try: # Send event to Jitsu for tracking if settings.ANALYTICS_BASE_API: @@ -506,6 +523,7 @@ class MagicSignInEndpoint(BaseAPIView): except RequestException as e: capture_exception(e) + user.is_active = True user.last_active = timezone.now() user.last_login_time = timezone.now() user.last_login_ip = request.META.get("REMOTE_ADDR") diff --git a/apiserver/plane/app/views/config.py b/apiserver/plane/app/views/config.py index 411f9c5dd..d0fe0819a 100644 
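Review bot: Replacing the `if not user.is_active:` rejection with `user.is_active = True` in SignInEndpoint.post means a deactivated account is switched back on by the act of signing in, so deactivation no longer blocks anyone who still holds valid credentials. If the intent is to let users undo their own deactivation, that case needs a marker separate from an administrator disabling the account, with the 403 kept for the administrative case. The same swap is made in both MagicSignInEndpoint.post hunks and in the OauthEndpoint.post hunk at `@@ -174,15 +200,7 @@`. A reactivation should also be logged, since a silent flip of `is_active` leaves an administrator no trace of why a disabled account is live again. The enclosing methods start and end outside these hunks.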
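Review bot: The rejection added to MagicSignInGenerateEndpoint.post is gated on `ENABLE_MAGIC_LINK_LOGIN` but returns the sign-up text "New account creation is disabled", which misreports the cause to users and to anyone reading the logs; a message naming magic-link login would be accurate. The fallback `os.environ.get("ENABLE_MAGIC_LINK_LOGIN")` has no default, while config.py in this same patch falls back to the literal `"1"` for the same key, so the method the configuration endpoint advertises and the method this gate enforces can disagree when no row is stored. Deriving the default in one place for both call sites would remove that gap. The gate also runs before the existing `if not email:` validation, which should come first once the invite lookup uses the submitted address.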
--- a/apiserver/plane/app/views/config.py +++ b/apiserver/plane/app/views/config.py @@ -25,7 +25,7 @@ class ConfigurationEndpoint(BaseAPIView): data = {} # Authentication - data["google_client_id"] = get_configuration_value( + data["google_client_id"] = ( instance_configuration, "GOOGLE_CLIENT_ID", os.environ.get("GOOGLE_CLIENT_ID", None), @@ -45,22 +45,22 @@ class ConfigurationEndpoint(BaseAPIView): get_configuration_value( instance_configuration, "EMAIL_HOST_USER", - os.environ.get("GITHUB_APP_NAME", None), + os.environ.get("EMAIL_HOST_USER", None), ), ) and bool( get_configuration_value( instance_configuration, "EMAIL_HOST_PASSWORD", - os.environ.get("GITHUB_APP_NAME", None), + os.environ.get("EMAIL_HOST_PASSWORD", None), ) ) ) and get_configuration_value( - instance_configuration, "ENABLE_MAGIC_LINK_LOGIN", "0" + instance_configuration, "ENABLE_MAGIC_LINK_LOGIN", "1" ) == "1" data["email_password_login"] = ( get_configuration_value( - instance_configuration, "ENABLE_EMAIL_PASSWORD", "0" + instance_configuration, "ENABLE_EMAIL_PASSWORD", "1" ) == "1" ) diff --git a/apiserver/plane/app/views/issue.py b/apiserver/plane/app/views/issue.py index b03c0ea4f..1f61a3764 100644 --- a/apiserver/plane/app/views/issue.py +++ b/apiserver/plane/app/views/issue.py @@ -371,6 +371,7 @@ class IssueListGroupedEndpoint(BaseAPIView): issue_queryset = ( Issue.objects.filter(workspace__slug=slug, project_id=project_id) + .filter(~Q(state="Triage")) .select_related("project") .select_related("workspace") .select_related("state") diff --git a/apiserver/plane/app/views/oauth.py b/apiserver/plane/app/views/oauth.py index 31b28415a..514d90050 100644 --- a/apiserver/plane/app/views/oauth.py +++ b/apiserver/plane/app/views/oauth.py @@ -30,6 +30,8 @@ from plane.db.models import ( ProjectMember, ) from .base import BaseAPIView +from plane.license.models import InstanceConfiguration +from plane.license.utils.instance_value import get_configuration_value def get_tokens_for_user(user): 
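Review bot: Dropping the `get_configuration_value` name in front of the parenthesis at `data["google_client_id"] = (` turns the right-hand side into a tuple whose first element is `instance_configuration` itself rather than a looked-up value. Clients would no longer receive a client id string, and if the response renderer can serialise that object, the endpoint could hand the stored instance configuration rows to whoever calls it. That is worth treating as a disclosure risk, given that this file reads `EMAIL_HOST_PASSWORD` from the same store. The line should remain `data["google_client_id"] = get_configuration_value(`. The rest of the statement lies outside the hunk.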
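Review bot: Changing the fallbacks for `ENABLE_MAGIC_LINK_LOGIN` and `ENABLE_EMAIL_PASSWORD` from `"0"` to `"1"` makes both login methods report as enabled whenever no configuration row exists, which is a fail-open default for an authentication setting. Neither call consults the environment, unlike the gates added in authentication.py, so an operator who sets `ENABLE_MAGIC_LINK_LOGIN=0` in the environment would still see magic login advertised here. If enabled-by-default is intended, a comment such as `# login methods default to enabled when the instance has no stored value` should say so, and the fallback should read the same environment variable the enforcement code does. The expression these lines belong to starts outside the hunk.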
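Review bot: The added `.filter(~Q(state="Triage"))` compares the `state` relation itself with a label; the same queryset calls `.select_related("state")`, so `state` appears to be a foreign key and the value would be matched against its primary key rather than a name. Depending on the key type this either fails on the cast or excludes nothing, so triage issues would still be listed to callers of this endpoint. A lookup through the relation to the State field that actually holds the label, written with `.exclude(...)`, would express the intent. `Q` must also be imported in issue.py, which the hunk does not show.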
@@ -137,6 +139,30 @@ class OauthEndpoint(BaseAPIView): id_token = request.data.get("credential", False) client_id = request.data.get("clientId", False) + instance_configuration = InstanceConfiguration.objects.values( + "key", "value" + ) + if ( + not get_configuration_value( + instance_configuration, + "GOOGLE_CLIENT_ID", + os.environ.get("GOOGLE_CLIENT_ID"), + ) + or not get_configuration_value( + instance_configuration, + "GITHUB_CLIENT_ID", + os.environ.get("GITHUB_CLIENT_ID"), + ) + ) and not WorkspaceMemberInvite.objects.filter( + email=request.user.email + ).exists(): + return Response( + { + "error": "New account creation is disabled. Please contact your site administrator" + }, + status=status.HTTP_400_BAD_REQUEST, + ) + if not medium or not id_token: return Response( { @@ -174,15 +200,7 @@ class OauthEndpoint(BaseAPIView): status=status.HTTP_400_BAD_REQUEST, ) - ## Login Case - if not user.is_active: - return Response( - { - "error": "Your account has been deactivated. Please contact your site administrator." - }, - status=status.HTTP_403_FORBIDDEN, - ) - + user.is_active = True user.last_active = timezone.now() user.last_login_time = timezone.now() user.last_login_ip = request.META.get("REMOTE_ADDR") @@ -239,7 +257,8 @@ class OauthEndpoint(BaseAPIView): else 15, member=user, created_by_id=project_member_invite.created_by_id, - ) for project_member_invite in project_member_invites + ) + for project_member_invite in project_member_invites ], ignore_conflicts=True, ) @@ -373,7 +392,8 @@ class OauthEndpoint(BaseAPIView): else 15, member=user, created_by_id=project_member_invite.created_by_id, - ) for project_member_invite in project_member_invites + ) + for project_member_invite in project_member_invites ], ignore_conflicts=True, ) 
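Review bot: The gate added at the top of OauthEndpoint.post rejects the request when either `GOOGLE_CLIENT_ID` or `GITHUB_CLIENT_ID` is unset, without looking at `medium`, so an instance that configures only one provider would refuse every uninvited user even on the provider that is configured. The check should pick the client id for the requested provider and run after the existing `if not medium or not id_token:` validation. It also calls `os.environ.get`, while the import hunk for this file adds only the two `plane.license` imports, so confirm that `import os` is already present in oauth.py. The 400 text "New account creation is disabled" is returned for what is actually a provider-not-configured condition, and it is applied to existing users signing in as well as to new accounts. The body of post continues outside the hunk.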
@@ -420,4 +440,4 @@ class OauthEndpoint(BaseAPIView): "access_token": access_token, "refresh_token": refresh_token, } - return Response(data, status=status.HTTP_201_CREATED) \ No newline at end of file + return Response(data, status=status.HTTP_201_CREATED)