refactor(backend): SSO registration cleanup (#11239)

* add more debugging and remove possible problematic inheritance * remove unused functions * remove extra conversion * ensure cirrect type is used --------- Co-authored-by: Oliver <oliver.henry.walters@gmail.com>
2026-02-02 03:14:56 +00:00 · 2026-02-02 03:14:06 +01:00
parent e1a45ec289
commit e6077565c5
4 changed files with 15 additions and 21 deletions
--- a/docs/docs/settings/error_codes.md
+++ b/docs/docs/settings/error_codes.md
@@ -192,6 +192,13 @@ Therefore the registration user interface elements will not be shown.

 To enable registration, the email settings must be configured correctly. See  [email configuration](../start/config.md#email-settings).

+#### INVE-W12
+**Signup attempt blocked because registration is disabled - Backend**
+
+A user attempted to sign up but registration is currently disabled via the system settings. This is to prevent unauthorized or unwanted user registrations.
+
+To enable registration, adjust the relevant settings (for regular or SSO registration) to allow user signups.
+
 ### INVE-I (InvenTree Information)
 Information — These are not errors but information messages. They might point out potential issues or just provide information.

--- a/src/backend/InvenTree/InvenTree/api.py
+++ b/src/backend/InvenTree/InvenTree/api.py
@@ -29,7 +29,6 @@ from common.settings import get_global_setting
 from InvenTree import helpers, ready
 from InvenTree.auth_overrides import registration_enabled
 from InvenTree.mixins import ListCreateAPI
-from InvenTree.sso import sso_registration_enabled
 from plugin.serializers import MetadataSerializer
 from users.models import ApiToken
 from users.permissions import check_user_permission, prefetch_rule_sets
@@ -326,8 +325,8 @@ class InfoView(APIView):
            if (is_staff and settings.INVENTREE_ADMIN_ENABLED)
            else None,
            'settings': {
-                'sso_registration': sso_registration_enabled(),
-                'registration_enabled': registration_enabled(),
+                'sso_registration': registration_enabled('LOGIN_ENABLE_SSO_REG'),
+                'registration_enabled': registration_enabled('LOGIN_ENABLE_REG'),
                'password_forgotten_enabled': get_global_setting(
                    'LOGIN_ENABLE_PWD_FORGOT'
                ),
--- a/src/backend/InvenTree/InvenTree/auth_overrides.py
+++ b/src/backend/InvenTree/InvenTree/auth_overrides.py
@@ -19,6 +19,7 @@ from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
 from common.settings import get_global_setting
 from InvenTree.exceptions import log_error

+from .helpers import str2bool
 from .helpers_email import is_email_configured

 logger = structlog.get_logger('inventree')
@@ -91,7 +92,7 @@ RegistrationKeys = Literal['LOGIN_ENABLE_REG', 'LOGIN_ENABLE_SSO_REG']

 def registration_enabled(setting_name: RegistrationKeys = 'LOGIN_ENABLE_REG'):
    """Determine whether user registration is enabled."""
-    if get_global_setting(setting_name):
+    if str2bool(get_global_setting(setting_name)):
        if is_email_configured():
            return True
        else:
@@ -112,7 +113,10 @@ class RegistrationMixin:
        Configure the class variable `REGISTRATION_SETTING` to set which setting should be used, default: `LOGIN_ENABLE_REG`.
        """
        if registration_enabled(self.REGISTRATION_SETTING):
-            return super().is_open_for_signup(request, *args, **kwargs)
+            return True
+        logger.warning(
+            f'INVE-W12: Signup attempt blocked, because registration is disabled via setting {self.REGISTRATION_SETTING}.'
+        )
        return False

    def clean_email(self, email):
--- a/src/backend/InvenTree/InvenTree/sso.py
+++ b/src/backend/InvenTree/InvenTree/sso.py
@@ -10,7 +10,6 @@ import structlog
 from allauth.socialaccount.models import SocialAccount, SocialLogin

 from common.settings import get_global_setting
-from InvenTree.helpers import str2bool

 logger = structlog.get_logger('inventree')

@@ -69,21 +68,6 @@ def provider_display_name(provider):
    return provider.name


-def sso_login_enabled() -> bool:
-    """Return True if SSO login is enabled."""
-    return str2bool(get_global_setting('LOGIN_ENABLE_SSO'))
-
-
-def sso_registration_enabled() -> bool:
-    """Return True if SSO registration is enabled."""
-    return str2bool(get_global_setting('LOGIN_ENABLE_SSO_REG'))
-
-
-def auto_registration_enabled() -> bool:
-    """Return True if SSO auto-registration is enabled."""
-    return str2bool(get_global_setting('LOGIN_SIGNUP_SSO_AUTO'))
-
-
 def ensure_sso_groups(sender, sociallogin: SocialLogin, **kwargs):
    """Sync groups from IdP each time a SSO user logs on.