Prevent regular login in backend when it's disabled
This rejects any regular login attempt when the regular login form has been disabled using DISABLE_REGULAR_LOGIN. Reverts fa06b71517db3e9c8959df076ac432dc6bb4674c, we already have a setting that manages regular signups.
This commit is contained in:
Felix Eckhofer
shamoon
parent
3c92e14e4a
commit
1fc521fd04
@ -2,6 +2,7 @@ from allauth.account.adapter import DefaultAccountAdapter
|
|||||||
from allauth.core import context
|
from allauth.core import context
|
||||||
from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
|
from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
|
from django.forms import ValidationError
|
||||||
from django.urls import reverse
|
from django.urls import reverse
|
||||||
|
|
||||||
|
|
||||||
@ -9,10 +10,13 @@ class CustomAccountAdapter(DefaultAccountAdapter):
|
|||||||
def is_open_for_signup(self, request):
|
def is_open_for_signup(self, request):
|
||||||
allow_signups = super().is_open_for_signup(request)
|
allow_signups = super().is_open_for_signup(request)
|
||||||
# Override with setting, otherwise default to super.
|
# Override with setting, otherwise default to super.
|
||||||
return (
|
return getattr(settings, "ACCOUNT_ALLOW_SIGNUPS", allow_signups)
|
||||||
getattr(settings, "ACCOUNT_ALLOW_SIGNUPS", allow_signups)
|
|
||||||
and not settings.DISABLE_REGULAR_LOGIN
|
def pre_authenticate(self, request, **credentials):
|
||||||
)
|
if settings.DISABLE_REGULAR_LOGIN:
|
||||||
|
raise ValidationError("Regular login is disabled")
|
||||||
|
|
||||||
|
return super().pre_authenticate(request, **credentials)
|
||||||
|
|
||||||
def is_safe_url(self, url):
|
def is_safe_url(self, url):
|
||||||
# see https://github.com/paperless-ngx/paperless-ngx/issues/5780
|
# see https://github.com/paperless-ngx/paperless-ngx/issues/5780
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user