author | 2019-10-19 16:21:38 +0100 | |
---|---|---|
committer | 2019-10-19 16:21:38 +0100 | |
commit | a82e15f23793900119104addd67f8ebf703e5b15 (patch) | |
tree | 9348ca430462e010d5ed9681de0f979f83f287e6 | |
parent | Bring navbar styling in line on mobile as well (diff) |
Allauth: Re-add GitHub provider, prevent GH signups
-rw-r--r-- | pydis_site/settings.py | 4 | ||||
-rw-r--r-- | pydis_site/utils/account.py | 44 |
2 files changed, 48 insertions, 0 deletions
diff --git a/pydis_site/settings.py b/pydis_site/settings.py
index 56ac0a1d..d6ca4860 100644
--- a/pydis_site/settings.py
+++ b/pydis_site/settings.py
@@ -92,6 +92,7 @@ INSTALLED_APPS = [
 'allauth.socialaccount',
 'allauth.socialaccount.providers.discord',
+ 'allauth.socialaccount.providers.github',
 'crispy_forms',
 'django_crispy_bulma',
@@ -407,5 +408,8 @@ AUTHENTICATION_BACKENDS = (
 'allauth.account.auth_backends.AuthenticationBackend',
 )
+ACCOUNT_ADAPTER = "pydis_site.utils.account.AccountAdapter"
+ACCOUNT_EMAIL_REQUIRED = False # Undocumented allauth setting; don't require emails
 ACCOUNT_EMAIL_VERIFICATION = "none" # No verification required; we don't use emails for anything
 LOGIN_REDIRECT_URL = "home"
+SOCIALACCOUNT_ADAPTER = "pydis_site.utils.account.SocialAccountAdapter"
diff --git a/pydis_site/utils/account.py b/pydis_site/utils/account.py
new file mode 100644
index 00000000..adafcea9
--- /dev/null
+++ b/pydis_site/utils/account.py
@@ -0,0 +1,44 @@
+from allauth.account.adapter import DefaultAccountAdapter
+from allauth.exceptions import ImmediateHttpResponse
+from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
+from allauth.socialaccount.models import SocialLogin
+from django.contrib.messages import ERROR, add_message
+from django.http import HttpRequest
+from django.shortcuts import redirect
+from django.urls import reverse
+
+
+class AccountAdapter(DefaultAccountAdapter):
+ """An Allauth account adapter that prevents signups via form submission."""
+
+ def is_open_for_signup(self, request: HttpRequest) -> bool:
+ """
+ Checks whether or not the site is open for signups.
+
+ We override this to always return False so that users may never sign up using
+ Allauth's signup form endpoints, to be on the safe side - since we only want users
+ to sign up using their Discord account.
+ """
+ return False
+
+
+class SocialAccountAdapter(DefaultSocialAccountAdapter):
+ """An Allauth SocialAccount adapter that prevents signups via non-Discord connections."""
+
+ def is_open_for_signup(self, request: HttpRequest, social_login: SocialLogin) -> bool:
+ """
+ Checks whether or not the site is open for signups.
+
+ We override this method in order to prevent users from creating a new account using
+ a non-Discord connection, as we require this connection for our users.
+ """
+ if social_login.account.provider != "discord":
+ add_message(
+ request, ERROR,
+ "You must login with Discord before connecting another account. Your account "
+ "details have not been saved."
+ )
+
+ raise ImmediateHttpResponse(redirect(reverse("home")))
+
+ return True |
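Review bot: `SocialAccountAdapter` guards only account creation, so the "we require this connection for our users" rule in its docstring is not enforced once an account exists. Nothing in this new file overrides `validate_disconnect`, so as far as the hunk shows, a user who signed up with Discord and then connected GitHub could unlink Discord and keep signing in through GitHub alone. If no other code prevents that, an override that refuses to disconnect the Discord account would close the gap. It needs `ValidationError` from `django.core.exceptions`, and a test covering both the blocked GitHub signup and the refused disconnect would pin the behaviour.

```python
class SocialAccountAdapter(DefaultSocialAccountAdapter):
    # … unchanged: docstring and is_open_for_signup …

    def validate_disconnect(self, account, accounts) -> None:
        """Refuse to unlink the Discord connection that every user must keep."""
        if account.provider == "discord":
            raise ValidationError("Your Discord account cannot be disconnected.")
```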