forked from github/plane
chore: deactivation and login disabled
parent
528372aff6
commit
a6f4e74aa5
@ -1,4 +1,5 @@
|
|||||||
# Python imports
|
# Python imports
|
||||||
|
import os
|
||||||
import uuid
|
import uuid
|
||||||
import random
|
import random
|
||||||
import string
|
import string
|
||||||
@ -32,7 +33,8 @@ from plane.db.models import (
|
|||||||
)
|
)
|
||||||
from plane.settings.redis import redis_instance
|
from plane.settings.redis import redis_instance
|
||||||
from plane.bgtasks.magic_link_code_task import magic_link
|
from plane.bgtasks.magic_link_code_task import magic_link
|
||||||
|
from plane.license.models import InstanceConfiguration
|
||||||
|
from plane.license.utils.instance_value import get_configuration_value
|
||||||
|
|
||||||
def get_tokens_for_user(user):
|
def get_tokens_for_user(user):
|
||||||
refresh = RefreshToken.for_user(user)
|
refresh = RefreshToken.for_user(user)
|
||||||
@ -46,7 +48,17 @@ class SignUpEndpoint(BaseAPIView):
|
|||||||
permission_classes = (AllowAny,)
|
permission_classes = (AllowAny,)
|
||||||
|
|
||||||
def post(self, request):
|
def post(self, request):
|
||||||
if not settings.ENABLE_SIGNUP:
|
instance_configuration = InstanceConfiguration.objects.values("key", "value")
|
||||||
|
if (
|
||||||
|
not get_configuration_value(
|
||||||
|
instance_configuration,
|
||||||
|
"ENABLE_SIGNUP",
|
||||||
|
os.environ.get("ENABLE_SIGNUP", "0"),
|
||||||
|
)
|
||||||
|
and not WorkspaceMemberInvite.objects.filter(
|
||||||
|
email=request.user.email
|
||||||
|
).exists()
|
||||||
|
):
|
||||||
return Response(
|
return Response(
|
||||||
{
|
{
|
||||||
"error": "New account creation is disabled. Please contact your site administrator"
|
"error": "New account creation is disabled. Please contact your site administrator"
|
||||||
@ -224,15 +236,9 @@ class SignInEndpoint(BaseAPIView):
|
|||||||
},
|
},
|
||||||
status=status.HTTP_403_FORBIDDEN,
|
status=status.HTTP_403_FORBIDDEN,
|
||||||
)
|
)
|
||||||
if not user.is_active:
|
|
||||||
return Response(
|
|
||||||
{
|
|
||||||
"error": "Your account has been deactivated. Please contact your site administrator."
|
|
||||||
},
|
|
||||||
status=status.HTTP_403_FORBIDDEN,
|
|
||||||
)
|
|
||||||
|
|
||||||
# settings last active for the user
|
# settings last active for the user
|
||||||
|
user.is_active = True
|
||||||
user.last_active = timezone.now()
|
user.last_active = timezone.now()
|
||||||
user.last_login_time = timezone.now()
|
user.last_login_time = timezone.now()
|
||||||
user.last_login_ip = request.META.get("REMOTE_ADDR")
|
user.last_login_ip = request.META.get("REMOTE_ADDR")
|
||||||
@ -360,6 +366,24 @@ class MagicSignInGenerateEndpoint(BaseAPIView):
|
|||||||
def post(self, request):
|
def post(self, request):
|
||||||
email = request.data.get("email", False)
|
email = request.data.get("email", False)
|
||||||
|
|
||||||
|
instance_configuration = InstanceConfiguration.objects.values("key", "value")
|
||||||
|
if (
|
||||||
|
not get_configuration_value(
|
||||||
|
instance_configuration,
|
||||||
|
"ENABLE_MAGIC_LINK_LOGIN",
|
||||||
|
os.environ.get("ENABLE_MAGIC_LINK_LOGIN"),
|
||||||
|
)
|
||||||
|
and not WorkspaceMemberInvite.objects.filter(
|
||||||
|
email=request.user.email
|
||||||
|
).exists()
|
||||||
|
):
|
||||||
|
return Response(
|
||||||
|
{
|
||||||
|
"error": "New account creation is disabled. Please contact your site administrator"
|
||||||
|
},
|
||||||
|
status=status.HTTP_400_BAD_REQUEST,
|
||||||
|
)
|
||||||
|
|
||||||
if not email:
|
if not email:
|
||||||
return Response(
|
return Response(
|
||||||
{"error": "Please provide a valid email address"},
|
{"error": "Please provide a valid email address"},
|
||||||
@ -443,13 +467,6 @@ class MagicSignInEndpoint(BaseAPIView):
|
|||||||
if str(token) == str(user_token):
|
if str(token) == str(user_token):
|
||||||
if User.objects.filter(email=email).exists():
|
if User.objects.filter(email=email).exists():
|
||||||
user = User.objects.get(email=email)
|
user = User.objects.get(email=email)
|
||||||
if not user.is_active:
|
|
||||||
return Response(
|
|
||||||
{
|
|
||||||
"error": "Your account has been deactivated. Please contact your site administrator."
|
|
||||||
},
|
|
||||||
status=status.HTTP_403_FORBIDDEN,
|
|
||||||
)
|
|
||||||
try:
|
try:
|
||||||
# Send event to Jitsu for tracking
|
# Send event to Jitsu for tracking
|
||||||
if settings.ANALYTICS_BASE_API:
|
if settings.ANALYTICS_BASE_API:
|
||||||
@ -506,6 +523,7 @@ class MagicSignInEndpoint(BaseAPIView):
|
|||||||
except RequestException as e:
|
except RequestException as e:
|
||||||
capture_exception(e)
|
capture_exception(e)
|
||||||
|
|
||||||
|
user.is_active = True
|
||||||
user.last_active = timezone.now()
|
user.last_active = timezone.now()
|
||||||
user.last_login_time = timezone.now()
|
user.last_login_time = timezone.now()
|
||||||
user.last_login_ip = request.META.get("REMOTE_ADDR")
|
user.last_login_ip = request.META.get("REMOTE_ADDR")
|
||||||
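Review bot: The signup gate added to SignUpEndpoint.post tests the truthiness of `get_configuration_value(...)`. If that helper returns the stored string, as the `== "1"` comparisons in ConfigurationEndpoint suggest, a value of "0" is still truthy and the 403 branch is never taken; compare explicitly with `!= "1"`. The invite lookup reads `request.user.email`, but the view is `AllowAny`, so the caller is normally an anonymous user and the attribute access is likely to raise; the address should presumably come from the request body, e.g. `request.data.get("email")`. Both problems recur in the ENABLE_MAGIC_LINK_LOGIN check in MagicSignInGenerateEndpoint.post, which ignores the `email` it has just read and has no fallback default for the environment value. Separately, removing the `if not user.is_active` rejection and adding `user.is_active = True` in SignInEndpoint and MagicSignInEndpoint lets any deactivated account reactivate itself by signing in, so administrator-initiated deactivation needs its own flag checked before this line; the enclosing post methods start and end outside the hunks.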
|
@ -25,7 +25,7 @@ class ConfigurationEndpoint(BaseAPIView):
|
|||||||
|
|
||||||
data = {}
|
data = {}
|
||||||
# Authentication
|
# Authentication
|
||||||
data["google_client_id"] = get_configuration_value(
|
data["google_client_id"] = (
|
||||||
instance_configuration,
|
instance_configuration,
|
||||||
"GOOGLE_CLIENT_ID",
|
"GOOGLE_CLIENT_ID",
|
||||||
os.environ.get("GOOGLE_CLIENT_ID", None),
|
os.environ.get("GOOGLE_CLIENT_ID", None),
|
||||||
@ -45,22 +45,22 @@ class ConfigurationEndpoint(BaseAPIView):
|
|||||||
get_configuration_value(
|
get_configuration_value(
|
||||||
instance_configuration,
|
instance_configuration,
|
||||||
"EMAIL_HOST_USER",
|
"EMAIL_HOST_USER",
|
||||||
os.environ.get("GITHUB_APP_NAME", None),
|
os.environ.get("EMAIL_HOST_USER", None),
|
||||||
),
|
),
|
||||||
)
|
)
|
||||||
and bool(
|
and bool(
|
||||||
get_configuration_value(
|
get_configuration_value(
|
||||||
instance_configuration,
|
instance_configuration,
|
||||||
"EMAIL_HOST_PASSWORD",
|
"EMAIL_HOST_PASSWORD",
|
||||||
os.environ.get("GITHUB_APP_NAME", None),
|
os.environ.get("EMAIL_HOST_PASSWORD", None),
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
) and get_configuration_value(
|
) and get_configuration_value(
|
||||||
instance_configuration, "ENABLE_MAGIC_LINK_LOGIN", "0"
|
instance_configuration, "ENABLE_MAGIC_LINK_LOGIN", "1"
|
||||||
) == "1"
|
) == "1"
|
||||||
data["email_password_login"] = (
|
data["email_password_login"] = (
|
||||||
get_configuration_value(
|
get_configuration_value(
|
||||||
instance_configuration, "ENABLE_EMAIL_PASSWORD", "0"
|
instance_configuration, "ENABLE_EMAIL_PASSWORD", "1"
|
||||||
)
|
)
|
||||||
== "1"
|
== "1"
|
||||||
)
|
)
|
||||||
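Review bot: In the first ConfigurationEndpoint hunk the assignment now reads `data["google_client_id"] = (` with the three arguments following directly. The hunk header shows the same line count on both sides, so unless a `get_configuration_value(` line sits outside the hunk, the value becomes a tuple of `instance_configuration`, the key name and the environment value. That would either fail at serialization or put the instance's key/value configuration rows into a field meant for a public client id; restore `data["google_client_id"] = get_configuration_value(`. The fallback for ENABLE_MAGIC_LINK_LOGIN and ENABLE_EMAIL_PASSWORD also changes from "0" to "1", so a missing configuration row now enables the login method. That default disagrees with MagicSignInGenerateEndpoint, which falls back to `os.environ.get("ENABLE_MAGIC_LINK_LOGIN")` with no default, so both places should share one documented default.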
|
@ -371,6 +371,7 @@ class IssueListGroupedEndpoint(BaseAPIView):
|
|||||||
|
|
||||||
issue_queryset = (
|
issue_queryset = (
|
||||||
Issue.objects.filter(workspace__slug=slug, project_id=project_id)
|
Issue.objects.filter(workspace__slug=slug, project_id=project_id)
|
||||||
|
.filter(~Q(state="Triage"))
|
||||||
.select_related("project")
|
.select_related("project")
|
||||||
.select_related("workspace")
|
.select_related("workspace")
|
||||||
.select_related("state")
|
.select_related("state")
|
||||||
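Review bot: The added `.filter(~Q(state="Triage"))` compares the `state` relation itself with a string, and the `.select_related("state")` below it indicates `state` is a foreign key, so the lookup matches on the related row's primary key rather than on a label. If the intent is to hide issues whose state is named Triage, the lookup should traverse to the field that holds that label, for example `~Q(state__name="Triage")`, assuming the State model has such a field. The hunk also does not show whether `Q` is imported in this module. The queryset expression continues outside the hunk.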
|
@ -30,6 +30,8 @@ from plane.db.models import (
|
|||||||
ProjectMember,
|
ProjectMember,
|
||||||
)
|
)
|
||||||
from .base import BaseAPIView
|
from .base import BaseAPIView
|
||||||
|
from plane.license.models import InstanceConfiguration
|
||||||
|
from plane.license.utils.instance_value import get_configuration_value
|
||||||
|
|
||||||
|
|
||||||
def get_tokens_for_user(user):
|
def get_tokens_for_user(user):
|
||||||
@ -137,6 +139,30 @@ class OauthEndpoint(BaseAPIView):
|
|||||||
id_token = request.data.get("credential", False)
|
id_token = request.data.get("credential", False)
|
||||||
client_id = request.data.get("clientId", False)
|
client_id = request.data.get("clientId", False)
|
||||||
|
|
||||||
|
instance_configuration = InstanceConfiguration.objects.values(
|
||||||
|
"key", "value"
|
||||||
|
)
|
||||||
|
if (
|
||||||
|
not get_configuration_value(
|
||||||
|
instance_configuration,
|
||||||
|
"GOOGLE_CLIENT_ID",
|
||||||
|
os.environ.get("GOOGLE_CLIENT_ID"),
|
||||||
|
)
|
||||||
|
or not get_configuration_value(
|
||||||
|
instance_configuration,
|
||||||
|
"GITHUB_CLIENT_ID",
|
||||||
|
os.environ.get("GITHUB_CLIENT_ID"),
|
||||||
|
)
|
||||||
|
) and not WorkspaceMemberInvite.objects.filter(
|
||||||
|
email=request.user.email
|
||||||
|
).exists():
|
||||||
|
return Response(
|
||||||
|
{
|
||||||
|
"error": "New account creation is disabled. Please contact your site administrator"
|
||||||
|
},
|
||||||
|
status=status.HTTP_400_BAD_REQUEST,
|
||||||
|
)
|
||||||
|
|
||||||
if not medium or not id_token:
|
if not medium or not id_token:
|
||||||
return Response(
|
return Response(
|
||||||
{
|
{
|
||||||
@ -174,15 +200,7 @@ class OauthEndpoint(BaseAPIView):
|
|||||||
status=status.HTTP_400_BAD_REQUEST,
|
status=status.HTTP_400_BAD_REQUEST,
|
||||||
)
|
)
|
||||||
|
|
||||||
## Login Case
|
user.is_active = True
|
||||||
if not user.is_active:
|
|
||||||
return Response(
|
|
||||||
{
|
|
||||||
"error": "Your account has been deactivated. Please contact your site administrator."
|
|
||||||
},
|
|
||||||
status=status.HTTP_403_FORBIDDEN,
|
|
||||||
)
|
|
||||||
|
|
||||||
user.last_active = timezone.now()
|
user.last_active = timezone.now()
|
||||||
user.last_login_time = timezone.now()
|
user.last_login_time = timezone.now()
|
||||||
user.last_login_ip = request.META.get("REMOTE_ADDR")
|
user.last_login_ip = request.META.get("REMOTE_ADDR")
|
||||||
@ -239,7 +257,8 @@ class OauthEndpoint(BaseAPIView):
|
|||||||
else 15,
|
else 15,
|
||||||
member=user,
|
member=user,
|
||||||
created_by_id=project_member_invite.created_by_id,
|
created_by_id=project_member_invite.created_by_id,
|
||||||
) for project_member_invite in project_member_invites
|
)
|
||||||
|
for project_member_invite in project_member_invites
|
||||||
],
|
],
|
||||||
ignore_conflicts=True,
|
ignore_conflicts=True,
|
||||||
)
|
)
|
||||||
@ -373,7 +392,8 @@ class OauthEndpoint(BaseAPIView):
|
|||||||
else 15,
|
else 15,
|
||||||
member=user,
|
member=user,
|
||||||
created_by_id=project_member_invite.created_by_id,
|
created_by_id=project_member_invite.created_by_id,
|
||||||
) for project_member_invite in project_member_invites
|
)
|
||||||
|
for project_member_invite in project_member_invites
|
||||||
],
|
],
|
||||||
ignore_conflicts=True,
|
ignore_conflicts=True,
|
||||||
)
|
)
|
||||||
@ -420,4 +440,4 @@ class OauthEndpoint(BaseAPIView):
|
|||||||
"access_token": access_token,
|
"access_token": access_token,
|
||||||
"refresh_token": refresh_token,
|
"refresh_token": refresh_token,
|
||||||
}
|
}
|
||||||
return Response(data, status=status.HTTP_201_CREATED)
|
return Response(data, status=status.HTTP_201_CREATED)
|
||||||
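Review bot: The provider check added at the top of OauthEndpoint.post rejects the request when either GOOGLE_CLIENT_ID or GITHUB_CLIENT_ID is unset (`not … or not …`), so an instance that configures only one provider refuses sign-in through both for anyone without an invite. It should test only the client id that matches the requested `medium`. The check also runs before the `if not medium or not id_token` validation and reads `request.user.email`, which for a caller who has not yet authenticated is presumably an anonymous user with no email attribute. The invite lookup belongs after the provider token has been verified, keyed on the e-mail the provider returned. In the later hunk `user.is_active = True` replaces the deactivated-account rejection, so a deactivated account is re-enabled by any successful OAuth sign-in, which should be confirmed as intended for administrator-deactivated users; the post method starts and ends outside these hunks.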
|