authorGravatar Gareth Coles <[email protected]>2019-10-19 16:21:38 +0100
committerGravatar Gareth Coles <[email protected]>2019-10-19 16:21:38 +0100
commita82e15f23793900119104addd67f8ebf703e5b15 (patch)
tree9348ca430462e010d5ed9681de0f979f83f287e6 /pydis_site
parentBring navbar styling in line on mobile as well (diff)
Allauth: Re-add GitHub provider, prevent GH signups
Diffstat (limited to 'pydis_site')
-rw-r--r--pydis_site/settings.py4
-rw-r--r--pydis_site/utils/account.py44
2 files changed, 48 insertions, 0 deletions
diff --git a/pydis_site/settings.py b/pydis_site/settings.py
index 56ac0a1d..d6ca4860 100644
--- a/pydis_site/settings.py
+++ b/pydis_site/settings.py
@@ -92,6 +92,7 @@ INSTALLED_APPS = [
'allauth.socialaccount',
'allauth.socialaccount.providers.discord',
+ 'allauth.socialaccount.providers.github',
'crispy_forms',
'django_crispy_bulma',
@@ -407,5 +408,8 @@ AUTHENTICATION_BACKENDS = (
'allauth.account.auth_backends.AuthenticationBackend',
)
+ACCOUNT_ADAPTER = "pydis_site.utils.account.AccountAdapter"
+ACCOUNT_EMAIL_REQUIRED = False # Undocumented allauth setting; don't require emails
ACCOUNT_EMAIL_VERIFICATION = "none" # No verification required; we don't use emails for anything
LOGIN_REDIRECT_URL = "home"
+SOCIALACCOUNT_ADAPTER = "pydis_site.utils.account.SocialAccountAdapter"
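Review bot: The comment on `ACCOUNT_EMAIL_REQUIRED` calls it an undocumented allauth setting, but as far as I know it is listed in allauth's configuration reference and `False` is its default, so the line only restates the default. With this and `ACCOUNT_EMAIL_VERIFICATION = "none"`, any address a provider hands back is stored unverified. I would reword the comment to record that constraint, e.g. `# Emails are optional and unverified; never use them to match or link accounts`.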
diff --git a/pydis_site/utils/account.py b/pydis_site/utils/account.py
new file mode 100644
index 00000000..adafcea9
--- /dev/null
+++ b/pydis_site/utils/account.py
@@ -0,0 +1,44 @@
+from allauth.account.adapter import DefaultAccountAdapter
+from allauth.exceptions import ImmediateHttpResponse
+from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
+from allauth.socialaccount.models import SocialLogin
+from django.contrib.messages import ERROR, add_message
+from django.http import HttpRequest
+from django.shortcuts import redirect
+from django.urls import reverse
+
+
+class AccountAdapter(DefaultAccountAdapter):
+ """An Allauth account adapter that prevents signups via form submission."""
+
+ def is_open_for_signup(self, request: HttpRequest) -> bool:
+ """
+ Checks whether or not the site is open for signups.
+
+ We override this to always return False so that users may never sign up using
+ Allauth's signup form endpoints, to be on the safe side - since we only want users
+ to sign up using their Discord account.
+ """
+ return False
+
+
+class SocialAccountAdapter(DefaultSocialAccountAdapter):
+ """An Allauth SocialAccount adapter that prevents signups via non-Discord connections."""
+
+ def is_open_for_signup(self, request: HttpRequest, social_login: SocialLogin) -> bool:
+ """
+ Checks whether or not the site is open for signups.
+
+ We override this method in order to prevent users from creating a new account using
+ a non-Discord connection, as we require this connection for our users.
+ """
+ if social_login.account.provider != "discord":
+ add_message(
+ request, ERROR,
+ "You must login with Discord before connecting another account. Your account "
+ "details have not been saved."
+ )
+
+ raise ImmediateHttpResponse(redirect(reverse("home")))
+
+ return True
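Review bot: `SocialAccountAdapter.is_open_for_signup` is annotated `-> bool` but rejects non-Discord providers by queuing an error message and raising `ImmediateHttpResponse`, and the docstring mentions neither. A sentence such as `Non-Discord providers are rejected by raising ImmediateHttpResponse (redirect to "home") instead of returning False.` would explain why `False` is never returned. The check is an allowlist on the literal `"discord"`, so it fails closed for any provider added to `INSTALLED_APPS` later; a short comment saying so would discourage rewriting it as a denylist of `"github"`. The diffstat shows only settings.py and account.py, so unless a test exists elsewhere, nothing pins the rejected-GitHub-signup path. A test is worth adding, because a regression here would let accounts be created without a Discord link.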