Merge pull request #4135 from SaifurRahmanMohsin/feature-disable-regi…

…stration feat(users): Disable registration
ushahidi · Nov 25, 2020 · a61a6ea · a61a6ea
2 parents fe0aa7b + d0b4177
commit a61a6ea
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 0 deletions.
diff --git a/app/Http/Controllers/API/RegisterController.php b/app/Http/Controllers/API/RegisterController.php
@@ -3,6 +3,7 @@
 namespace Ushahidi\App\Http\Controllers\API;
 
 use Ushahidi\App\Http\Controllers\RESTController;
+use Ushahidi\App\Facades\Features;
 use Illuminate\Http\Request;
 
 /**
@@ -30,6 +31,12 @@ protected function getResource()
      */
     public function store(Request $request)
     {
+        // If the disable registration feature is enabled and site registration is disabled in config
+        if (Features::isEnabled('disable_registration')
+            && app('multisite')->getSite()->getSiteConfig('disable_registration', false)) {
+            abort(403, 'Registration Disabled');
+        }
+
         $this->usecase = $this->usecaseFactory
             ->get($this->getResource(), 'register')
             ->setPayload($request->json()->all());

diff --git a/docs/api/config.apib b/docs/api/config.apib
@@ -36,6 +36,9 @@
                 "private": {
                     "enabled": true
                 },
+                "disable_registration": {
+                    "enabled": true
+                },
                 "roles": {
                     "enabled": true
                 },

diff --git a/src/App/Repository/Config/features.php b/src/App/Repository/Config/features.php
@@ -48,6 +48,11 @@
         'enabled' => true,
     ],
 
+    // Disable Registration
+    'disable_registration' => [
+        'enabled' => true,
+    ],
+
     // Roles
     'roles' => [
         'enabled' => true,

diff --git a/tests/integration/acl.feature b/tests/integration/acl.feature
@@ -503,6 +503,22 @@ Feature: API Access Control Layer
         When I request "/posts"
         Then the guzzle status code should be 401
 
+    @disableRegistration
+    Scenario: Registering as a user when a deployment has registration disabled
+        Given that I want to make a new "user"
+        And that the request "data" is:
+        """
+        {
+            "email":"[email protected]",
+            "realname":"John Tae",
+            "password":"testing",
+            "role":"admin"
+        }
+        """
+        When I request "/register"
+        Then the response is JSON
+        Then the guzzle status code should be 403
+
     @rolesEnabled
     Scenario: User with Manage Posts permission can view all posts in collection
         Given that I want to get all "Posts"

diff --git a/tests/integration/bootstrap/PHPUnitFixtureContext.php b/tests/integration/bootstrap/PHPUnitFixtureContext.php
@@ -91,6 +91,20 @@ public function makePublic()
         $this->setConfig('feature', 'private', '{"enabled":false}');
     }
 
+    /** @BeforeScenario @disableRegistration */
+    public function enableDisableRegistration()
+    {
+        $this->setConfig('site', 'disable_registration', 'true');
+        $this->setConfig('feature', 'disable_registration', '{"enabled":true}');
+    }
+
+    /** @AfterScenario @disableRegistration */
+    public function disableDisableRegistration()
+    {
+        $this->setConfig('site', 'disable_registration', 'false');
+        $this->setConfig('feature', 'disable_registration', '{"enabled":false}');
+    }
+
     /**
      * @BeforeScenario @rolesEnabled
      **/