Prevent regular login in backend when it's disabled

This rejects any regular login attempt when the regular login form has been disabled using DISABLE_REGULAR_LOGIN. Reverts fa06b71517db3e9c8959df076ac432dc6bb4674c, we already have a setting that manages regular signups.
2024-02-21 10:53:49 +01:00 · 2024-02-21 10:53:49 +01:00 · 1fc521fd04
commit 1fc521fd04
parent 3c92e14e4a
1 changed files with 8 additions and 4 deletions
--- a/src/paperless/adapter.py
+++ b/src/paperless/adapter.py
@ -2,6 +2,7 @@ from allauth.account.adapter import DefaultAccountAdapter
 from allauth.core import context
 from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
 from django.conf import settings
+from django.forms import ValidationError
 from django.urls import reverse


@ -9,10 +10,13 @@ class CustomAccountAdapter(DefaultAccountAdapter):
    def is_open_for_signup(self, request):
        allow_signups = super().is_open_for_signup(request)
        # Override with setting, otherwise default to super.
-        return (
-            getattr(settings, "ACCOUNT_ALLOW_SIGNUPS", allow_signups)
-            and not settings.DISABLE_REGULAR_LOGIN
-        )
+        return getattr(settings, "ACCOUNT_ALLOW_SIGNUPS", allow_signups)
+
+    def pre_authenticate(self, request, **credentials):
+        if settings.DISABLE_REGULAR_LOGIN:
+            raise ValidationError("Regular login is disabled")
+
+        return super().pre_authenticate(request, **credentials)

    def is_safe_url(self, url):
        # see https://github.com/paperless-ngx/paperless-ngx/issues/5780