fix (backend): finer grained registration control for Single Sign On (#11190)

* finer grained registration control for Single Sign On Fixes #11162 * fix for python 3.11
2026-01-28 17:13:44 +00:00 · 2026-01-22 13:36:34 +01:00
parent ec2bf23627
commit 060e917fc9
1 changed files with 12 additions and 7 deletions
--- a/src/backend/InvenTree/InvenTree/auth_overrides.py
+++ b/src/backend/InvenTree/InvenTree/auth_overrides.py
@@ -1,5 +1,7 @@
 """Overrides for allauth and adjacent packages to enforce InvenTree specific auth settings and restirctions."""

+from typing import Literal
+
 from django import forms
 from django.conf import settings
 from django.contrib.auth.models import Group
@@ -14,7 +16,6 @@ from allauth.account.forms import LoginForm, SignupForm, set_form_field_order
 from allauth.headless.adapter import DefaultHeadlessAdapter
 from allauth.socialaccount.adapter import DefaultSocialAccountAdapter

-import InvenTree.sso
 from common.settings import get_global_setting
 from InvenTree.exceptions import log_error

@@ -85,12 +86,12 @@ class CustomSignupForm(SignupForm):
        return cleaned_data


-def registration_enabled():
+RegistrationKeys = Literal['LOGIN_ENABLE_REG', 'LOGIN_ENABLE_SSO_REG']
+
+
+def registration_enabled(setting_name: RegistrationKeys = 'LOGIN_ENABLE_REG'):
    """Determine whether user registration is enabled."""
-    if (
-        get_global_setting('LOGIN_ENABLE_REG')
-        or InvenTree.sso.sso_registration_enabled()
-    ):
+    if get_global_setting(setting_name):
        if is_email_configured():
            return True
        else:
@@ -103,12 +104,14 @@ def registration_enabled():
 class RegistrationMixin:
    """Mixin to check if registration should be enabled."""

+    REGISTRATION_SETTING: RegistrationKeys = 'LOGIN_ENABLE_REG'
+
    def is_open_for_signup(self, request, *args, **kwargs):
        """Check if signup is enabled in settings.

        Configure the class variable `REGISTRATION_SETTING` to set which setting should be used, default: `LOGIN_ENABLE_REG`.
        """
-        if registration_enabled():
+        if registration_enabled(self.REGISTRATION_SETTING):
            return super().is_open_for_signup(request, *args, **kwargs)
        return False

@@ -187,6 +190,8 @@ class CustomAccountAdapter(RegistrationMixin, DefaultAccountAdapter):
 class CustomSocialAccountAdapter(RegistrationMixin, DefaultSocialAccountAdapter):
    """Override of adapter to use dynamic settings."""

+    REGISTRATION_SETTING = 'LOGIN_ENABLE_SSO_REG'
+
    def is_auto_signup_allowed(self, request, sociallogin):
        """Check if auto signup is enabled in settings."""
        if get_global_setting('LOGIN_SIGNUP_SSO_AUTO', True):