From 1f686689f1df7ffe6d39577ea0b5afc9e6635b83 Mon Sep 17 00:00:00 2001 From: Alejandra <90076947+alejsdev@users.noreply.github.com> Date: Wed, 31 Jul 2024 17:08:26 -0500 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A5=20Remove=20`USERS=5FOPEN=5FREGISTR?= =?UTF-8?q?ATION`=20config,=20make=20registration=20enabled=20by=20default?= =?UTF-8?q?=20(#1274)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .env | 1 - backend/README.md | 10 --- backend/app/api/routes/users.py | 5 -- backend/app/core/config.py | 1 - backend/app/tests/api/routes/test_users.py | 83 ++++++++-------------- deployment.md | 1 - docker-compose.yml | 1 - 7 files changed, 31 insertions(+), 71 deletions(-) diff --git a/.env b/.env index 84e1bab..98c8196 100644 --- a/.env +++ b/.env @@ -13,7 +13,6 @@ BACKEND_CORS_ORIGINS="http://localhost,http://localhost:5173,https://localhost,h SECRET_KEY=changethis FIRST_SUPERUSER=admin@example.com FIRST_SUPERUSER_PASSWORD=changethis -USERS_OPEN_REGISTRATION=True # Emails SMTP_HOST= diff --git a/backend/README.md b/backend/README.md index 27aabab..e6400be 100644 --- a/backend/README.md +++ b/backend/README.md @@ -63,16 +63,6 @@ Make sure your editor is using the correct Python virtual environment. Modify or add SQLModel models for data and SQL tables in `./backend/app/models.py`, API endpoints in `./backend/app/api/`, CRUD (Create, Read, Update, Delete) utils in `./backend/app/crud.py`. -### Enabling Open User Registration - -By default the backend has user registration disabled, but there's already a route to register users. If you want to allow users to register themselves, you can set the environment variable `USERS_OPEN_REGISTRATION` to `True` in the `.env` file. - -After modifying the environment variables, restart the Docker containers to apply the changes. You can do this by running: - -```console -$ docker compose up -d -``` - ### VS Code There are already configurations in place to run the backend through the VS Code debugger, so that you can use breakpoints, pause and explore variables, etc. diff --git a/backend/app/api/routes/users.py b/backend/app/api/routes/users.py index 21c30f1..c636b09 100644 --- a/backend/app/api/routes/users.py +++ b/backend/app/api/routes/users.py @@ -146,11 +146,6 @@ def register_user(session: SessionDep, user_in: UserRegister) -> Any: """ Create new user without the need to be logged in. """ - if not settings.USERS_OPEN_REGISTRATION: - raise HTTPException( - status_code=403, - detail="Open user registration is forbidden on this server", - ) user = crud.get_user_by_email(session=session, email=user_in.email) if user: raise HTTPException( diff --git a/backend/app/core/config.py b/backend/app/core/config.py index 68cf702..3a78a5e 100644 --- a/backend/app/core/config.py +++ b/backend/app/core/config.py @@ -94,7 +94,6 @@ class Settings(BaseSettings): # TODO: update type to EmailStr when sqlmodel supports it FIRST_SUPERUSER: str FIRST_SUPERUSER_PASSWORD: str - USERS_OPEN_REGISTRATION: bool = False def _check_default_secret(self, var_name: str, value: str | None) -> None: if value == "changethis": diff --git a/backend/app/tests/api/routes/test_users.py b/backend/app/tests/api/routes/test_users.py index d5daf9e..ba9be65 100644 --- a/backend/app/tests/api/routes/test_users.py +++ b/backend/app/tests/api/routes/test_users.py @@ -283,62 +283,41 @@ def test_update_password_me_same_password_error( def test_register_user(client: TestClient, db: Session) -> None: - with patch("app.core.config.settings.USERS_OPEN_REGISTRATION", True): - username = random_email() - password = random_lower_string() - full_name = random_lower_string() - data = {"email": username, "password": password, "full_name": full_name} - r = client.post( - f"{settings.API_V1_STR}/users/signup", - json=data, - ) - assert r.status_code == 200 - created_user = r.json() - assert created_user["email"] == username - assert created_user["full_name"] == full_name - - user_query = select(User).where(User.email == username) - user_db = db.exec(user_query).first() - assert user_db - assert user_db.email == username - assert user_db.full_name == full_name - assert verify_password(password, user_db.hashed_password) - + username = random_email() + password = random_lower_string() + full_name = random_lower_string() + data = {"email": username, "password": password, "full_name": full_name} + r = client.post( + f"{settings.API_V1_STR}/users/signup", + json=data, + ) + assert r.status_code == 200 + created_user = r.json() + assert created_user["email"] == username + assert created_user["full_name"] == full_name -def test_register_user_forbidden_error(client: TestClient) -> None: - with patch("app.core.config.settings.USERS_OPEN_REGISTRATION", False): - username = random_email() - password = random_lower_string() - full_name = random_lower_string() - data = {"email": username, "password": password, "full_name": full_name} - r = client.post( - f"{settings.API_V1_STR}/users/signup", - json=data, - ) - assert r.status_code == 403 - assert ( - r.json()["detail"] == "Open user registration is forbidden on this server" - ) + user_query = select(User).where(User.email == username) + user_db = db.exec(user_query).first() + assert user_db + assert user_db.email == username + assert user_db.full_name == full_name + assert verify_password(password, user_db.hashed_password) def test_register_user_already_exists_error(client: TestClient) -> None: - with patch("app.core.config.settings.USERS_OPEN_REGISTRATION", True): - password = random_lower_string() - full_name = random_lower_string() - data = { - "email": settings.FIRST_SUPERUSER, - "password": password, - "full_name": full_name, - } - r = client.post( - f"{settings.API_V1_STR}/users/signup", - json=data, - ) - assert r.status_code == 400 - assert ( - r.json()["detail"] - == "The user with this email already exists in the system" - ) + password = random_lower_string() + full_name = random_lower_string() + data = { + "email": settings.FIRST_SUPERUSER, + "password": password, + "full_name": full_name, + } + r = client.post( + f"{settings.API_V1_STR}/users/signup", + json=data, + ) + assert r.status_code == 400 + assert r.json()["detail"] == "The user with this email already exists in the system" def test_update_user( diff --git a/deployment.md b/deployment.md index ab5aaed..6bcbe40 100644 --- a/deployment.md +++ b/deployment.md @@ -133,7 +133,6 @@ You can set several variables, like: * `SECRET_KEY`: The secret key for the FastAPI project, used to sign tokens. * `FIRST_SUPERUSER`: The email of the first superuser, this superuser will be the one that can create new users. * `FIRST_SUPERUSER_PASSWORD`: The password of the first superuser. -* `USERS_OPEN_REGISTRATION`: Whether to allow open registration of new users. * `SMTP_HOST`: The SMTP server host to send emails, this would come from your email provider (E.g. Mailgun, Sparkpost, Sendgrid, etc). * `SMTP_USER`: The SMTP server user to send emails. * `SMTP_PASSWORD`: The SMTP server password to send emails. diff --git a/docker-compose.yml b/docker-compose.yml index 9d1c6bb..d614942 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -52,7 +52,6 @@ services: - SECRET_KEY=${SECRET_KEY?Variable not set} - FIRST_SUPERUSER=${FIRST_SUPERUSER?Variable not set} - FIRST_SUPERUSER_PASSWORD=${FIRST_SUPERUSER_PASSWORD?Variable not set} - - USERS_OPEN_REGISTRATION=${USERS_OPEN_REGISTRATION} - SMTP_HOST=${SMTP_HOST} - SMTP_USER=${SMTP_USER} - SMTP_PASSWORD=${SMTP_PASSWORD}