
set DISABLE_REGISTRATION param to disable registration

Son NK 5 years ago
parent
commit
f76bdd8fe6

+ 10 - 1
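--- a/app/auth/views/facebook.py
+++ b/app/auth/views/facebook.py
@@ -6,7 +6,12 @@ from requests_oauthlib.compliance_fixes import facebook_compliance_fix
 from app import email_utils
 from app.auth.base import auth_bp
 from app.auth.views.google import create_file_from_url
-from app.config import URL, FACEBOOK_CLIENT_ID, FACEBOOK_CLIENT_SECRET
+from app.config import (
+    URL,
+    FACEBOOK_CLIENT_ID,
+    FACEBOOK_CLIENT_SECRET,
+    DISABLE_REGISTRATION,
+)
 from app.extensions import db
 from app.log import LOG
 from app.models import User
@@ -103,6 +108,10 @@ def facebook_callback():
 
     # create user
     else:
+        if DISABLE_REGISTRATION:
+            flash("Registration is closed", "error")
+            return redirect(url_for("auth.login"))
+
         if not can_be_used_as_personal_email(email):
             flash(
                 f"You cannot use {email} as your personal inbox.", "error",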
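Review bot: The new gate in facebook_callback tests a name bound at import time (`from app.config import ... DISABLE_REGISTRATION`), while register.py reads `config.DISABLE_REGISTRATION` on each request; github.py and google.py follow the same import-time pattern. Changing the attribute on `app.config` at runtime, as the new test does, therefore has no effect on the three OAuth callbacks, and none of them has a test showing that a first-time OAuth login is refused. I would use `from app import config` and `if config.DISABLE_REGISTRATION:` in all three, and drop the now-unused `DISABLE_REGISTRATION` name from register.py's `from app.config import URL, DISABLE_REGISTRATION`. Because the check is copied into four views, any other account-creation path not visible in this diff would need its own copy, so a shared helper is worth considering. The body of facebook_callback continues outside the hunk.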

+ 5 - 1
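--- a/app/auth/views/github.py
+++ b/app/auth/views/github.py
@@ -5,7 +5,7 @@ from requests_oauthlib import OAuth2Session
 from app import email_utils
 from app.auth.base import auth_bp
 from app.auth.views.login_utils import after_login
-from app.config import GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, URL
+from app.config import GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, URL, DISABLE_REGISTRATION
 from app.email_utils import can_be_used_as_personal_email
 from app.extensions import db
 from app.log import LOG
@@ -85,6 +85,10 @@ def github_callback():
 
     # create user
     if not user:
+        if DISABLE_REGISTRATION:
+            flash("Registration is closed", "error")
+            return redirect(url_for("auth.login"))
+
         if not can_be_used_as_personal_email(email):
             flash(
                 f"You cannot use {email} as your personal inbox.", "error",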

+ 5 - 1
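--- a/app/auth/views/google.py
+++ b/app/auth/views/google.py
@@ -4,7 +4,7 @@ from requests_oauthlib import OAuth2Session
 
 from app import s3, email_utils
 from app.auth.base import auth_bp
-from app.config import URL, GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET
+from app.config import URL, GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, DISABLE_REGISTRATION
 from app.extensions import db
 from app.log import LOG
 from app.models import User, File
@@ -93,6 +93,10 @@ def google_callback():
             db.session.commit()
     # create user
     else:
+        if DISABLE_REGISTRATION:
+            flash("Registration is closed", "error")
+            return redirect(url_for("auth.login"))
+
         if not can_be_used_as_personal_email(email):
             flash(
                 f"You cannot use {email} as your personal inbox.", "error",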

+ 6 - 2
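--- a/app/auth/views/register.py
+++ b/app/auth/views/register.py
@@ -3,9 +3,9 @@ from flask_login import current_user
 from flask_wtf import FlaskForm
 from wtforms import StringField, validators
 
-from app import email_utils
+from app import email_utils, config
 from app.auth.base import auth_bp
-from app.config import URL
+from app.config import URL, DISABLE_REGISTRATION
 from app.email_utils import can_be_used_as_personal_email
 from app.extensions import db
 from app.log import LOG
@@ -27,6 +27,10 @@ def register():
         flash("You are already logged in", "warning")
         return redirect(url_for("dashboard.index"))
 
+    if config.DISABLE_REGISTRATION:
+        flash("Registration is closed", "error")
+        return redirect(url_for("auth.login"))
+
     form = RegisterForm(request.form)
     next_url = request.args.get("next")
 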

+ 2 - 0
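--- a/app/config.py
+++ b/app/config.py
@@ -54,6 +54,8 @@ except Exception:
 # allow to override postfix server locally
 POSTFIX_SERVER = os.environ.get("POSTFIX_SERVER", "240.0.0.1")
 
+DISABLE_REGISTRATION = "DISABLE_REGISTRATION" in os.environ
+
 if "OTHER_ALIAS_DOMAINS" in os.environ:
     OTHER_ALIAS_DOMAINS = eval(
         os.environ["OTHER_ALIAS_DOMAINS"]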
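Review bot: `DISABLE_REGISTRATION = "DISABLE_REGISTRATION" in os.environ` tests only for the variable's presence, so `DISABLE_REGISTRATION=0`, `=false` or an empty value also closes registration. That fails closed, which is the safe direction for a self-hosted instance, but it will surprise an operator who sets a falsy value expecting sign-ups to re-open. I would document it above the assignment, e.g. `# Registration is closed whenever this variable is set, whatever its value (even "0" or empty); unset it to re-open.`, and say the same next to the `# DISABLE_REGISTRATION=1` sample in example.env.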

+ 4 - 1
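--- a/example.env
+++ b/example.env
@@ -25,7 +25,10 @@ SUPPORT_NAME=Son from SimpleLogin
 # ADMIN_EMAIL=admin@sl.local
 
 # Max number emails user can generate for free plan
-MAX_NB_EMAIL_FREE_PLAN=3
+MAX_NB_EMAIL_FREE_PLAN=5
+
+# Close registration. Avoid people accidentally creating new account on a self-hosted SimpleLogin
+# DISABLE_REGISTRATION=1
 
 # custom domain needs to point to these MX servers
 EMAIL_SERVERS_WITH_PRIORITY=[(10, "email.hostname.")]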

+ 28 - 0
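--- /dev/null
+++ b/tests/auth/test_register.py
@@ -0,0 +1,28 @@
+from flask import url_for
+
+
+def test_register_success(flask_client):
+    """User arrives at the waiting activation page."""
+    r = flask_client.post(
+        url_for("auth.register"),
+        data={"email": "a@b.c", "password": "password"},
+        follow_redirects=True,
+    )
+
+    assert r.status_code == 200
+    assert b"An email to validate your email is on its way" in r.data
+
+
+def test_register_disabled(flask_client):
+    """User cannot create new account when DISABLE_REGISTRATION."""
+    from app import config
+
+    config.DISABLE_REGISTRATION = True
+
+    r = flask_client.post(
+        url_for("auth.register"),
+        data={"email": "a@b.c", "password": "password"},
+        follow_redirects=True,
+    )
+
+    assert b"Registration is closed" in r.data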
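Review bot: `config.DISABLE_REGISTRATION = True` in test_register_disabled is never restored, so every test that runs afterwards in the same process sees registration closed and the outcome of test_register_success depends on execution order. Use pytest's fixture instead: add `monkeypatch` to the signature and call `monkeypatch.setattr(config, "DISABLE_REGISTRATION", True)`, which is undone at teardown. The test also checks only the flash text; asserting that no user row exists for `a@b.c` afterwards would pin the property that matters, namely that no account is created.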