From e6077565c55d4d28aad6e778200900cab251fca1 Mon Sep 17 00:00:00 2001 From: Matthias Mair Date: Mon, 2 Feb 2026 03:14:06 +0100 Subject: [PATCH] refactor(backend): SSO registration cleanup (#11239) * add more debugging and remove possible problematic inheritance * remove unused functions * remove extra conversion * ensure cirrect type is used --------- Co-authored-by: Oliver --- docs/docs/settings/error_codes.md | 7 +++++++ src/backend/InvenTree/InvenTree/api.py | 5 ++--- .../InvenTree/InvenTree/auth_overrides.py | 8 ++++++-- src/backend/InvenTree/InvenTree/sso.py | 16 ---------------- 4 files changed, 15 insertions(+), 21 deletions(-) diff --git a/docs/docs/settings/error_codes.md b/docs/docs/settings/error_codes.md index 1de6491a18..ad09a3e6cd 100644 --- a/docs/docs/settings/error_codes.md +++ b/docs/docs/settings/error_codes.md @@ -192,6 +192,13 @@ Therefore the registration user interface elements will not be shown. To enable registration, the email settings must be configured correctly. See [email configuration](../start/config.md#email-settings). +#### INVE-W12 +**Signup attempt blocked because registration is disabled - Backend** + +A user attempted to sign up but registration is currently disabled via the system settings. This is to prevent unauthorized or unwanted user registrations. + +To enable registration, adjust the relevant settings (for regular or SSO registration) to allow user signups. + ### INVE-I (InvenTree Information) Information — These are not errors but information messages. They might point out potential issues or just provide information. diff --git a/src/backend/InvenTree/InvenTree/api.py b/src/backend/InvenTree/InvenTree/api.py index fa341a90d3..79173c6ab4 100644 --- a/src/backend/InvenTree/InvenTree/api.py +++ b/src/backend/InvenTree/InvenTree/api.py @@ -29,7 +29,6 @@ from common.settings import get_global_setting from InvenTree import helpers, ready from InvenTree.auth_overrides import registration_enabled from InvenTree.mixins import ListCreateAPI -from InvenTree.sso import sso_registration_enabled from plugin.serializers import MetadataSerializer from users.models import ApiToken from users.permissions import check_user_permission, prefetch_rule_sets @@ -326,8 +325,8 @@ class InfoView(APIView): if (is_staff and settings.INVENTREE_ADMIN_ENABLED) else None, 'settings': { - 'sso_registration': sso_registration_enabled(), - 'registration_enabled': registration_enabled(), + 'sso_registration': registration_enabled('LOGIN_ENABLE_SSO_REG'), + 'registration_enabled': registration_enabled('LOGIN_ENABLE_REG'), 'password_forgotten_enabled': get_global_setting( 'LOGIN_ENABLE_PWD_FORGOT' ), diff --git a/src/backend/InvenTree/InvenTree/auth_overrides.py b/src/backend/InvenTree/InvenTree/auth_overrides.py index a0508d8479..9a223dd2f9 100644 --- a/src/backend/InvenTree/InvenTree/auth_overrides.py +++ b/src/backend/InvenTree/InvenTree/auth_overrides.py @@ -19,6 +19,7 @@ from allauth.socialaccount.adapter import DefaultSocialAccountAdapter from common.settings import get_global_setting from InvenTree.exceptions import log_error +from .helpers import str2bool from .helpers_email import is_email_configured logger = structlog.get_logger('inventree') @@ -91,7 +92,7 @@ RegistrationKeys = Literal['LOGIN_ENABLE_REG', 'LOGIN_ENABLE_SSO_REG'] def registration_enabled(setting_name: RegistrationKeys = 'LOGIN_ENABLE_REG'): """Determine whether user registration is enabled.""" - if get_global_setting(setting_name): + if str2bool(get_global_setting(setting_name)): if is_email_configured(): return True else: @@ -112,7 +113,10 @@ class RegistrationMixin: Configure the class variable `REGISTRATION_SETTING` to set which setting should be used, default: `LOGIN_ENABLE_REG`. """ if registration_enabled(self.REGISTRATION_SETTING): - return super().is_open_for_signup(request, *args, **kwargs) + return True + logger.warning( + f'INVE-W12: Signup attempt blocked, because registration is disabled via setting {self.REGISTRATION_SETTING}.' + ) return False def clean_email(self, email): diff --git a/src/backend/InvenTree/InvenTree/sso.py b/src/backend/InvenTree/InvenTree/sso.py index 891708f73f..05bacaf38d 100644 --- a/src/backend/InvenTree/InvenTree/sso.py +++ b/src/backend/InvenTree/InvenTree/sso.py @@ -10,7 +10,6 @@ import structlog from allauth.socialaccount.models import SocialAccount, SocialLogin from common.settings import get_global_setting -from InvenTree.helpers import str2bool logger = structlog.get_logger('inventree') @@ -69,21 +68,6 @@ def provider_display_name(provider): return provider.name -def sso_login_enabled() -> bool: - """Return True if SSO login is enabled.""" - return str2bool(get_global_setting('LOGIN_ENABLE_SSO')) - - -def sso_registration_enabled() -> bool: - """Return True if SSO registration is enabled.""" - return str2bool(get_global_setting('LOGIN_ENABLE_SSO_REG')) - - -def auto_registration_enabled() -> bool: - """Return True if SSO auto-registration is enabled.""" - return str2bool(get_global_setting('LOGIN_SIGNUP_SSO_AUTO')) - - def ensure_sso_groups(sender, sociallogin: SocialLogin, **kwargs): """Sync groups from IdP each time a SSO user logs on.