API - disable registration - #36

Makefile.custom.config.example

@@ -2,6 +2,7 @@ export REACT_APP_API_URL = http://$(HOST):$(API_PORT)
 export REACT_APP_THUNDERFOREST_API_KEY=
 export REACT_APP_GPX_LIMIT_IMPORT=10
 export WEATHER_API=
+export FT_ALLOW_REGISTRATION=true
 
 # for dev env
 export CODACY_PROJECT_TOKEN=

docs/api/auth.html

@@ -186,6 +186,7 @@
 </li>
 </ul>
 </p></li>
+<li><p><a class="reference external" href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4">403 Forbidden</a> – Error. Registration is disabled.</p></li>
 <li><p><a class="reference external" href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.5.1">500 Internal Server Error</a> – Error. Please try again or contact the administrator.</p></li>
 </ul>
 </dd>

fittrackee_api/fittrackee_api/config.py

@@ -16,6 +16,9 @@ class BaseConfig:
     )
     PICTURE_ALLOWED_EXTENSIONS = {'jpg', 'png', 'gif'}
     ACTIVITY_ALLOWED_EXTENSIONS = {'gpx', 'zip'}
+    REGISTRATION_ALLOWED = (
+        False if os.getenv('FT_ALLOW_REGISTRATION') == "false" else True
+    )
 
 
 class DevelopmentConfig(BaseConfig):

fittrackee_api/fittrackee_api/tests/conftest.py

@@ -21,6 +21,18 @@ def app():
         return app
 
 
+@pytest.fixture
+def app_no_registration():
+    app = create_app()
+    app.config['REGISTRATION_ALLOWED'] = False
+    with app.app_context():
+        db.create_all()
+        yield app
+        db.session.remove()
+        db.drop_all()
+    return app
+
+
 @pytest.fixture()
 def user_1():
     user = User(username='test', email='test@test.com', password='12345678')

fittrackee_api/fittrackee_api/tests/test_auth_api.py

@@ -232,6 +232,28 @@ def test_user_registration_invalid_data(app):
     assert 'error' in data['status']
 
 
+def test_user_registration_not_allowed(app_no_registration):
+    client = app_no_registration.test_client()
+    response = client.post(
+        '/api/auth/register',
+        data=json.dumps(
+            dict(
+                username='test',
+                email='test@test.com',
+                password='12345678',
+                password_conf='12345678',
+            )
+        ),
+        content_type='application/json',
+    )
+
+    assert response.content_type == 'application/json'
+    assert response.status_code == 403
+    data = json.loads(response.data.decode())
+    assert data['status'] == 'error'
+    assert data['message'] == 'Error. Registration is disabled.'
+
+
 def test_login_registered_user(app, user_1):
     client = app.test_client()
     response = client.post(

fittrackee_api/fittrackee_api/users/auth.py

@@ -66,10 +66,18 @@ def register_user():
             - Valid email must be provided.
             - Password and password confirmation don't match.
             - Password: 8 characters required.
+    :statuscode 403:
+        Error. Registration is disabled.
     :statuscode 500:
         Error. Please try again or contact the administrator.
 
     """
+    if not current_app.config.get('REGISTRATION_ALLOWED'):
+        response_object = {
+            'status': 'error',
+            'message': 'Error. Registration is disabled.',
+        }
+        return jsonify(response_object), 403
     # get post data
     post_data = request.get_json()
     if not post_data or post_data.get('username') is None \