From 766196af87ab496027c5572013587eeed8c59908 Mon Sep 17 00:00:00 2001
From: Neil Lalonde
Date: Mon, 14 Jul 2014 15:42:14 -0400
Subject: [PATCH] FEATURE: add site setting allow_new_registrations which can be used to block all new account registrations
---
 .../discourse/controllers/login.js.es6 | 5 ++++-
 app/controllers/invites_controller.rb | 8 ++++++++
 app/controllers/users_controller.rb | 5 +++++
 app/views/invites/show.html.erb | 7 +++++++
 config/locales/server.en.yml | 2 ++
 config/site_settings.yml | 3 +++
 spec/controllers/invites_controller_spec.rb | 11 +++++++++++
 spec/controllers/users_controller_spec.rb | 17 +++++++++++++++++
 8 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 app/views/invites/show.html.erb
diff --git a/app/assets/javascripts/discourse/controllers/login.js.es6 b/app/assets/javascripts/discourse/controllers/login.js.es6
index 79fb821f125..c96a836d188 100644
--- a/app/assets/javascripts/discourse/controllers/login.js.es6
+++ b/app/assets/javascripts/discourse/controllers/login.js.es6
@@ -37,7 +37,10 @@ export default Discourse.Controller.extend(Discourse.ModalFunctionality, {
 }.property('loggingIn'),
 showSignupLink: function() {
- return !Discourse.SiteSettings.invite_only && !this.get('loggingIn') && this.blank('authenticate');
+ return !Discourse.SiteSettings.invite_only &&
+ Discourse.SiteSettings.allow_new_registrations &&
+ !this.get('loggingIn') &&
+ this.blank('authenticate');
 }.property('loggingIn', 'authenticate'),
 showSpinner: function() {
diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb
index 7a9db2cdc07..47bf42bc5cf 100644
--- a/app/controllers/invites_controller.rb
+++ b/app/controllers/invites_controller.rb
@@ -4,6 +4,7 @@ class InvitesController < ApplicationController
 skip_before_filter :redirect_to_login_if_required
 before_filter :ensure_logged_in, only: [:destroy, :create, :check_csv_chunk, :upload_csv_chunk]
+ before_filter :ensure_new_registrations_allowed, only: [:show, :redeem_disposable_invite]
 def show
 invite = Invite.find_by(invite_key: params[:id])
@@ -137,4 +138,11 @@ class InvitesController < ApplicationController
 params[:email]
 end
+ def ensure_new_registrations_allowed
+ unless SiteSetting.allow_new_registrations
+ flash[:error] = I18n.t('login.new_registrations_disabled')
+ render layout: 'no_js'
+ false
+ end
+ end
 end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 981be933f17..56e29ea0965 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -146,6 +146,11 @@ class UsersController < ApplicationController
 end
 def create
+ unless SiteSetting.allow_new_registrations
+ render json: { success: false, message: I18n.t("login.new_registrations_disabled") }
+ return
+ end
+
 user = User.new(user_params)
 authentication = UserAuthenticator.new(user, session)
diff --git a/app/views/invites/show.html.erb b/app/views/invites/show.html.erb
new file mode 100644
index 00000000000..cc4b0acc1e7
--- /dev/null
+++ b/app/views/invites/show.html.erb
@@ -0,0 +1,7 @@
+
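Review bot: In `ensure_new_registrations_allowed`, `render layout: 'no_js'` names no template, so Rails picks the one for the current action; the filter added in the first hunk also guards `redeem_disposable_invite`, and this patch adds only `app/views/invites/show.html.erb`, so unless a template for that action already exists the blocked request would end in a missing-template error rather than the message. Naming the template, `render 'show', layout: 'no_js'`, covers both actions. Because the message is rendered in the same request, `flash.now[:error] = I18n.t('login.new_registrations_disabled')` keeps it from reappearing on the visitor's next page. The class body around the method lies outside the hunk, so it is not visible whether the method sits under `private`; if it does not, it should, so that it cannot be reached as an action.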
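Review bot: The guard at the top of `create` is the only server-side check this patch adds outside the two invite actions, while the setting text promises to "prevent anyone from creating a new account". Sign-in paths that can create a user without going through `UsersController#create` (the locale file in this patch mentions SSO and OmniAuth logins) are not touched here, so whether they honour `allow_new_registrations` should be confirmed before the setting is relied on as an access control. A comment above the guard such as `# Authoritative check: the client-side setting only hides the signup link` would record that the JavaScript change is cosmetic. The body of `create` continues outside the hunk.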
+ <%if flash[:error]%>
+
+ <%=flash[:error]%>
+
+ <%end%>
+
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index 99a9b744c67..91fc149a3b2 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -765,6 +765,7 @@ en:
 sso_overrides_name: "Overrides local name with external site name from SSO payload (WARNING: discrepancies can occur due to normalization of local names)"
 enable_local_logins: "Enable local username and password login based accounts. (Note: this must be enabled for invites to work)"
+ allow_new_registrations: "Allow new user registrations. Uncheck this to prevent anyone from creating a new account."
 enable_google_logins: "(deprecated) Enable Google authentication. This is the OpenID method of authentication which Google has deprecated. New installs will NOT work with this. Use Google Oauth2 instead. Existing installs must move to Google Oauth2 by April 20, 2015."
 enable_yahoo_logins: "Enable Yahoo authentication"
@@ -1058,6 +1059,7 @@ en:
 something_already_taken: "Something went wrong, perhaps the username or email is already registered. Try the forgot password link."
 omniauth_error: "Sorry, there was an error authorizing your %{strategy} account. Perhaps you did not approve authorization?"
 omniauth_error_unknown: "Something went wrong processing your log in, please try again."
+ new_registrations_disabled: "New account registrations are not allowed at this time."
 user:
 username:
diff --git a/config/site_settings.yml b/config/site_settings.yml
index ce8f1247a09..823c56d96ee 100644
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@@ -178,6 +178,9 @@ login:
 enable_local_logins:
 client: true
 default: true
+ allow_new_registrations:
+ client: true
+ default: true
 # The default value of enable_google_logins changed from true to false.
 # See db/migrate/20140521220115_google_openid_default_has_changed.rb
 enable_google_logins:
diff --git a/spec/controllers/invites_controller_spec.rb b/spec/controllers/invites_controller_spec.rb
index 86a32d68cd6..6dcc79dc10f 100644
--- a/spec/controllers/invites_controller_spec.rb
+++ b/spec/controllers/invites_controller_spec.rb
@@ -148,6 +148,17 @@ describe InvitesController do
 end
+ context 'new registrations are disabled' do
+ let(:topic) { Fabricate(:topic) }
+ let(:invite) { topic.invite_by_email(topic.user, "iceking@adventuretime.ooo") }
+ before { SiteSetting.stubs(:allow_new_registrations).returns(false) }
+ it "doesn't redeem the invite" do
+ Invite.any_instance.stubs(:redeem).never
+ get :show, id: invite.invite_key
+ end
+ end
+
 end
 context '.create_disposable_invite' do
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index 23c5897ed58..eb8acd6d8db 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -269,6 +269,7 @@ describe UsersController do
 describe '#create' do
 before do
+ SiteSetting.stubs(:allow_new_registrations).returns(true)
 @user = Fabricate.build(:user)
 @user.password = "strongpassword"
 DiscourseHub.stubs(:register_username).returns([true, nil])
@@ -291,6 +292,14 @@ describe UsersController do
 expect(response.status).to eq(500)
 end
+ it 'returns an error when new registrations are disabled' do
+ SiteSetting.stubs(:allow_new_registrations).returns(false)
+ post_user
+ json = JSON.parse(response.body)
+ json['success'].should be_false
+ json['message'].should be_present
+ end
+
 it 'creates a user correctly' do
 Jobs.expects(:enqueue).with(:user_email, has_entries(type: :signup))
 User.any_instance.expects(:enqueue_welcome_message).with('welcome_user').never
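Review bot: The new invite example only exercises `show`, although the filter in this patch also guards `redeem_disposable_invite`, so the second guarded action has no coverage. The example also makes no assertion about the response, and it sets the negative expectation with `stubs` where the users spec in this patch writes `expects(...).never`. `Invite.any_instance.expects(:redeem).never` states the intent more directly. A sibling example issuing the request for `redeem_disposable_invite` would show whether the blocked path renders for that action as well.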
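Review bot: The example 'returns an error when new registrations are disabled' in the `@@ -291,6 +292,14 @@` hunk appears again with an identical body in the `@@ -355,6 +364,14 @@` hunk under the title 'returns 500 status when new registrations are disabled', and neither copy asserts a status. The controller change renders the JSON without a `status:` option, so the response would carry the default 200 rather than 500. Either drop the second copy or rename it and add `expect(response.status).to eq(200)` so that title and assertion agree; the enclosing `describe`/`context` blocks start outside both hunks, so the two copies may sit in different contexts.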
@@ -355,6 +364,14 @@ describe UsersController do
 expect(JSON.parse(response.body)['active']).to be_true
 end
+ it 'returns 500 status when new registrations are disabled' do
+ SiteSetting.stubs(:allow_new_registrations).returns(false)
+ post_user
+ json = JSON.parse(response.body)
+ json['success'].should be_false
+ json['message'].should be_present
+ end
+
 context 'authentication records for' do
 before do