diff --git a/api/app/settings/common.py b/api/app/settings/common.py
index 5393b9414207..bd20132245b2 100644
--- a/api/app/settings/common.py
+++ b/api/app/settings/common.py
@@ -790,6 +790,9 @@
 USER_CREATE_PERMISSIONS = env.list(
 "USER_CREATE_PERMISSIONS", default=["custom_auth.permissions.IsSignupAllowed"]
 )
+USER_LOGIN_PERMISSIONS = env.list(
+ "USER_LOGIN_PERMISSIONS", default=["custom_auth.permissions.IsPasswordLoginAllowed"]
+)
 DJOSER = {
 "PASSWORD_RESET_CONFIRM_URL": "password-reset/confirm/{uid}/{token}",
@@ -817,6 +820,7 @@
 "user": ["custom_auth.permissions.CurrentUser"],
 "user_list": ["custom_auth.permissions.CurrentUser"],
 "user_create": USER_CREATE_PERMISSIONS,
+ "token_create": USER_LOGIN_PERMISSIONS,
 },
 }
 SIMPLE_JWT = {
@@ -895,7 +899,6 @@
 API_URL = env("API_URL", default="/api/v1/")
 ASSET_URL = env("ASSET_URL", default="/")
 MAINTENANCE_MODE = env.bool("MAINTENANCE_MODE", default=False)
-PREVENT_EMAIL_PASSWORD = env.bool("PREVENT_EMAIL_PASSWORD", default=False)
 DISABLE_ANALYTICS_FEATURES = env.bool(
 "DISABLE_INFLUXDB_FEATURES", default=False
 ) or env.bool("DISABLE_ANALYTICS_FEATURES", default=False)
@@ -1032,6 +1035,7 @@
 DISABLE_INVITE_LINKS = env.bool("DISABLE_INVITE_LINKS", False)
 PREVENT_SIGNUP = env.bool("PREVENT_SIGNUP", default=False)
+PREVENT_EMAIL_PASSWORD = env.bool("PREVENT_EMAIL_PASSWORD", default=False)
 COOKIE_AUTH_ENABLED = env.bool("COOKIE_AUTH_ENABLED", default=False)
 USE_SECURE_COOKIES = env.bool("USE_SECURE_COOKIES", default=True)
 COOKIE_SAME_SITE = env.str("COOKIE_SAME_SITE", default="none")
diff --git a/api/custom_auth/permissions.py b/api/custom_auth/permissions.py
index 4910456e19a1..bf61050734e6 100644
--- a/api/custom_auth/permissions.py
+++ b/api/custom_auth/permissions.py
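Review bot: In the first hunk of api/app/settings/common.py, setting the `USER_LOGIN_PERMISSIONS` environment variable replaces the default list rather than extending it. A deployment that overrides it without listing `custom_auth.permissions.IsPasswordLoginAllowed` would therefore stop enforcing `PREVENT_EMAIL_PASSWORD` on `token_create`, and nothing on the new lines tells an operator that the two settings are coupled. A comment above the assignment would cover it, for example `# Overriding USER_LOGIN_PERMISSIONS replaces the default; keep IsPasswordLoginAllowed in the list or PREVENT_EMAIL_PASSWORD is not enforced at login.` The existing `USER_CREATE_PERMISSIONS` / `PREVENT_SIGNUP` pair just above has the same property.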
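Review bot: In the second hunk of api/app/settings/common.py, `token_create` is the only permission key tied to `USER_LOGIN_PERMISSIONS`. With `PREVENT_EMAIL_PASSWORD` enabled the gate therefore covers token issuance but, as far as the visible lines show, not the other password flows djoser serves; the `DJOSER` dict in the first hunk still configures `PASSWORD_RESET_CONFIRM_URL`. If password reset and set-password are meant to be closed in that mode too, their permission keys (`password_reset`, `password_reset_confirm`, `set_password`) need an entry alongside `"token_create": USER_LOGIN_PERMISSIONS,`. The permissions dict opens above the hunk, so keys outside these lines could not be checked.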
@@ -19,3 +19,8 @@ def has_object_permission(self, request, view, obj):
 class IsSignupAllowed(AllowAny):
 def has_permission(self, request: Request, view: View) -> bool:
 return not settings.PREVENT_SIGNUP
+
+
+class IsPasswordLoginAllowed(AllowAny):
+ def has_permission(self, request: Request, view: View) -> bool:
+ return not settings.PREVENT_EMAIL_PASSWORD
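Review bot: `IsPasswordLoginAllowed` is a new authentication gate with no docstring and no `message`, so neither a maintainer nor a client that is refused learns that password login was disabled by configuration. I would add a class docstring such as `"""Deny password-based token creation when settings.PREVENT_EMAIL_PASSWORD is set."""` and a class attribute like `message = "Password login is disabled on this instance."` (wording constructed here). Depending on the view's authenticators, DRF may answer an anonymous caller with its generic not-authenticated response instead of that message, so the status code clients actually receive is worth pinning in a test that toggles the setting. No such test is visible in this diff.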