Add ability to limit user registrations

author: Chocobozzz <florian.bigard@gmail.com> 2017-07-25 20:17:28 +0200
committer: Chocobozzz <florian.bigard@gmail.com> 2017-07-25 20:17:28 +0200
commit: 291e8d3eed88fe714fb74ad897ac2c67347a85ff (patch)
tree: 20b4f9b8500ab4d9651d2a067fcf2948a6bfc9a4 /server
parent: 3d09cdbf90902894c841d0a5ddb35eb772c53b8b (diff)
download: PeerTube-291e8d3eed88fe714fb74ad897ac2c67347a85ff.tar.gz
PeerTube-291e8d3eed88fe714fb74ad897ac2c67347a85ff.tar.zst
PeerTube-291e8d3eed88fe714fb74ad897ac2c67347a85ff.zip
9 files changed, 88 insertions, 36 deletions
diff --git a/server/controllers/api/config.ts b/server/controllers/api/config.ts
index 3e9aa77a5..f02a2bc58 100644
--- a/server/controllers/api/config.ts
+++ b/server/controllers/api/config.ts
@@ -1,6 +1,6 @@
 import * as express from 'express'
-import { CONFIG } from '../../initializers'
+import { isSignupAllowed } from '../../helpers'
 import { ServerConfig } from '../../../shared'
 const configRouter = express.Router()
@@ -9,12 +9,15 @@ configRouter.get('/', getConfig)
 // Get the client credentials for the PeerTube front end
 function getConfig (req: express.Request, res: express.Response, next: express.NextFunction) {
-  const json: ServerConfig = {
-    signup: {
+  isSignupAllowed().then(allowed => {
-      enabled: CONFIG.SIGNUP.ENABLED
+    const json: ServerConfig = {
+      signup: {
+        allowed
+      }
    }
-  }
+    res.json(json)
-  res.json(json)
+  })
 }
 // ---------------------------------------------------------------------------
diff --git a/server/controllers/api/users.ts b/server/controllers/api/users.ts
index 6c375cc5b..f50dbc9a3 100644
--- a/server/controllers/api/users.ts
+++ b/server/controllers/api/users.ts
@@ -6,7 +6,7 @@ import { logger, getFormatedObjects } from '../../helpers'
 import {
  authenticate,
  ensureIsAdmin,
-  ensureUserRegistrationEnabled,
+  ensureUserRegistrationAllowed,
  usersAddValidator,
  usersUpdateValidator,
  usersRemoveValidator,
@@ -48,7 +48,7 @@ usersRouter.post('/',
 )
 usersRouter.post('/register',
-  ensureUserRegistrationEnabled,
+  ensureUserRegistrationAllowed,
  usersAddValidator,
  createUser
 )
diff --git a/server/helpers/utils.ts b/server/helpers/utils.ts
index 9c08afb71..f326210f3 100644
--- a/server/helpers/utils.ts
+++ b/server/helpers/utils.ts
@@ -1,6 +1,8 @@
 import * as express from 'express'
+import * as Promise from 'bluebird'
 import { pseudoRandomBytesPromise } from './core-utils'
+import { CONFIG, database as db } from '../initializers'
 import { ResultList } from '../../shared'
 function badRequest (req: express.Request, res: express.Response, next: express.NextFunction) {
@@ -30,10 +32,26 @@ function getFormatedObjects<U, T extends FormatableToJSON> (objects: T[], object
  return res
 }
+function isSignupAllowed () {
+  if (CONFIG.SIGNUP.ENABLED === false) {
+    return Promise.resolve(false)
+  }
+  // No limit and signup is enabled
+  if (CONFIG.SIGNUP.LIMIT === -1) {
+    return Promise.resolve(true)
+  }
+  return db.User.countTotal().then(totalUsers => {
+    return totalUsers < CONFIG.SIGNUP.LIMIT
+  })
+}
 // ---------------------------------------------------------------------------
 export {
  badRequest,
  generateRandomString,
-  getFormatedObjects
+  getFormatedObjects,
+  isSignupAllowed
 }
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index 928a3f570..314a05ab7 100644
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -76,7 +76,8 @@ const CONFIG = {
    EMAIL: config.get<string>('admin.email')
  },
  SIGNUP: {
-    ENABLED: config.get<boolean>('signup.enabled')
+    ENABLED: config.get<boolean>('signup.enabled'),
+    LIMIT: config.get<number>('signup.limit')
  },
  TRANSCODING: {
    ENABLED: config.get<boolean>('transcoding.enabled'),
diff --git a/server/middlewares/config.ts b/server/middlewares/config.ts
deleted file mode 100644
index 1481e66cc..000000000
--- a/server/middlewares/config.ts
+++ /dev/null
@@ -1,20 +0,0 @@
-import 'express-validator'
-import * as express from 'express'
-import { CONFIG } from '../initializers'
-function ensureUserRegistrationEnabled (req: express.Request, res: express.Response, next: express.NextFunction) {
-  const registrationEnabled = CONFIG.SIGNUP.ENABLED
-  if (registrationEnabled === true) {
-    return next()
-  }
-  return res.status(400).send('User registration is not enabled.')
-}
-// ---------------------------------------------------------------------------
-export {
-  ensureUserRegistrationEnabled
-}
diff --git a/server/middlewares/index.ts b/server/middlewares/index.ts
index 9a3f849a7..d71dd2452 100644
--- a/server/middlewares/index.ts
+++ b/server/middlewares/index.ts
@@ -1,6 +1,5 @@
 export * from './validators'
 export * from './admin'
-export * from './config'
 export * from './oauth'
 export * from './pagination'
 export * from './pods'
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 38f8aed5b..71e529872 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -5,7 +5,7 @@ import * as validator from 'validator'
 import { database as db } from '../../initializers/database'
 import { checkErrors } from './utils'
-import { logger } from '../../helpers'
+import { isSignupAllowed, logger } from '../../helpers'
 import { VideoInstance } from '../../models'
 function usersAddValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
@@ -88,11 +88,22 @@ function usersVideoRatingValidator (req: express.Request, res: express.Response,
  })
 }
+function ensureUserRegistrationAllowed (req: express.Request, res: express.Response, next: express.NextFunction) {
+  isSignupAllowed().then(allowed => {
+    if (allowed === false) {
+      return res.status(403).send('User registration is not enabled or user limit is reached.')
+    }
+    return next()
+  })
+}
 // ---------------------------------------------------------------------------
 export {
  usersAddValidator,
  usersRemoveValidator,
  usersUpdateValidator,
-  usersVideoRatingValidator
+  usersVideoRatingValidator,
+  ensureUserRegistrationAllowed
 }
diff --git a/server/tests/api/check-params/users.js b/server/tests/api/check-params/users.js
index 2c1189f7a..9e7115da1 100644
--- a/server/tests/api/check-params/users.js
+++ b/server/tests/api/check-params/users.js
@@ -513,7 +513,13 @@ describe('Test users API validators', function () {
        password: 'my super password 4'
      }
-      requestsUtils.makePostBodyRequest(serverWithRegistrationDisabled.url, registrationPath, serverWithRegistrationDisabled.accessToken, data, done, 400)
+      requestsUtils.makePostBodyRequest(serverWithRegistrationDisabled.url, registrationPath, serverWithRegistrationDisabled.accessToken, data, done, 403)
+    })
+  })
+  describe('When registering multiple users on a server with users limit', function () {
+    it('Should fail when after 3 registrations', function (done) {
+      usersUtils.registerUser(server.url, 'user42', 'super password', 403, done)
    })
  })
diff --git a/server/tests/api/config.js b/server/tests/api/config.js
index e79e12823..f2c00f85a 100644
--- a/server/tests/api/config.js
+++ b/server/tests/api/config.js
@@ -8,6 +8,7 @@ const series = require('async/series')
 const serversUtils = require('../utils/servers')
 const configUtils = require('../utils/config')
+const usersUtils = require('../utils/users')
 describe('Test config', function () {
  let server = null
@@ -28,18 +29,51 @@ describe('Test config', function () {
    ], done)
  })
-  it('Should have a correct config', function (done) {
+  it('Should have a correct config on a server with registration enabled', function (done) {
    configUtils.getConfig(server.url, function (err, res) {
      if (err) throw err
      const data = res.body
-      expect(data.signup.enabled).to.be.truthy
+      expect(data.signup.allowed).to.be.truthy
      done()
    })
  })
+  it('Should have a correct config on a server with registration enabled and a users limit', function (done) {
+    series([
+      function (next) {
+        usersUtils.registerUser(server.url, 'user1', 'super password', done)
+      },
+      function (next) {
+        usersUtils.registerUser(server.url, 'user2', 'super password', done)
+      },
+      function (next) {
+        usersUtils.registerUser(server.url, 'user3', 'super password', done)
+      },
+      function (next) {
+        usersUtils.registerUser(server.url, 'user4', 'super password', done)
+      }
+    ], function (err) {
+      if (err) throw err
+      configUtils.getConfig(server.url, function (err, res) {
+        if (err) throw err
+        const data = res.body
+        expect(data.signup.allowed).to.be.truthy
+        done()
+      })
+    })
+  })
  after(function (done) {
    process.kill(-server.app.pid)
author	Chocobozzz <florian.bigard@gmail.com>	2017-07-25 20:17:28 +0200
committer	Chocobozzz <florian.bigard@gmail.com>	2017-07-25 20:17:28 +0200
commit	291e8d3eed88fe714fb74ad897ac2c67347a85ff (patch)
tree	20b4f9b8500ab4d9651d2a067fcf2948a6bfc9a4 /server
parent	3d09cdbf90902894c841d0a5ddb35eb772c53b8b (diff)
download	PeerTube-291e8d3eed88fe714fb74ad897ac2c67347a85ff.tar.gz PeerTube-291e8d3eed88fe714fb74ad897ac2c67347a85ff.tar.zst PeerTube-291e8d3eed88fe714fb74ad897ac2c67347a85ff.zip

diff --git a/server/controllers/api/config.ts b/server/controllers/api/config.ts index 3e9aa77a5..f02a2bc58 100644 --- a/server/controllers/api/config.ts +++ b/server/controllers/api/config.ts
@@ -1,6 +1,6 @@
1	import * as express from 'express'	1	import * as express from 'express'
2		2
3	import { CONFIG } from '../../initializers'	3	import { isSignupAllowed } from '../../helpers'
4	import { ServerConfig } from '../../../shared'	4	import { ServerConfig } from '../../../shared'
5		5
6	const configRouter = express.Router()	6	const configRouter = express.Router()
@@ -9,12 +9,15 @@ configRouter.get('/', getConfig)
9		9
10	// Get the client credentials for the PeerTube front end	10	// Get the client credentials for the PeerTube front end
11	function getConfig (req: express.Request, res: express.Response, next: express.NextFunction) {	11	function getConfig (req: express.Request, res: express.Response, next: express.NextFunction) {
12	const json: ServerConfig = {	12
13	signup: {	13	isSignupAllowed().then(allowed => {
14	enabled: CONFIG.SIGNUP.ENABLED	14	const json: ServerConfig = {
		15	signup: {
		16	allowed
		17	}
15	}	18	}
16	}	19	res.json(json)
17	res.json(json)	20	})
18	}	21	}
19		22
20	// ---------------------------------------------------------------------------	23	// ---------------------------------------------------------------------------


diff --git a/server/controllers/api/users.ts b/server/controllers/api/users.ts index 6c375cc5b..f50dbc9a3 100644 --- a/server/controllers/api/users.ts +++ b/server/controllers/api/users.ts
@@ -6,7 +6,7 @@ import { logger, getFormatedObjects } from '../../helpers'
6	import {	6	import {
7	authenticate,	7	authenticate,
8	ensureIsAdmin,	8	ensureIsAdmin,
9	ensureUserRegistrationEnabled,	9	ensureUserRegistrationAllowed,
10	usersAddValidator,	10	usersAddValidator,
11	usersUpdateValidator,	11	usersUpdateValidator,
12	usersRemoveValidator,	12	usersRemoveValidator,
@@ -48,7 +48,7 @@ usersRouter.post('/',
48	)	48	)
49		49
50	usersRouter.post('/register',	50	usersRouter.post('/register',
51	ensureUserRegistrationEnabled,	51	ensureUserRegistrationAllowed,
52	usersAddValidator,	52	usersAddValidator,
53	createUser	53	createUser
54	)	54	)


diff --git a/server/helpers/utils.ts b/server/helpers/utils.ts index 9c08afb71..f326210f3 100644 --- a/server/helpers/utils.ts +++ b/server/helpers/utils.ts
@@ -1,6 +1,8 @@
1	import * as express from 'express'	1	import * as express from 'express'
		2	import * as Promise from 'bluebird'
2		3
3	import { pseudoRandomBytesPromise } from './core-utils'	4	import { pseudoRandomBytesPromise } from './core-utils'
		5	import { CONFIG, database as db } from '../initializers'
4	import { ResultList } from '../../shared'	6	import { ResultList } from '../../shared'
5		7
6	function badRequest (req: express.Request, res: express.Response, next: express.NextFunction) {	8	function badRequest (req: express.Request, res: express.Response, next: express.NextFunction) {
@@ -30,10 +32,26 @@ function getFormatedObjects<U, T extends FormatableToJSON> (objects: T[], object
30	return res	32	return res
31	}	33	}
32		34
		35	function isSignupAllowed () {
		36	if (CONFIG.SIGNUP.ENABLED === false) {
		37	return Promise.resolve(false)
		38	}
		39
		40	// No limit and signup is enabled
		41	if (CONFIG.SIGNUP.LIMIT === -1) {
		42	return Promise.resolve(true)
		43	}
		44
		45	return db.User.countTotal().then(totalUsers => {
		46	return totalUsers < CONFIG.SIGNUP.LIMIT
		47	})
		48	}
		49
33	// ---------------------------------------------------------------------------	50	// ---------------------------------------------------------------------------
34		51
35	export {	52	export {
36	badRequest,	53	badRequest,
37	generateRandomString,	54	generateRandomString,
38	getFormatedObjects	55	getFormatedObjects,
		56	isSignupAllowed
39	}	57	}


diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts index 928a3f570..314a05ab7 100644 --- a/server/initializers/constants.ts +++ b/server/initializers/constants.ts
@@ -76,7 +76,8 @@ const CONFIG = {
76	EMAIL: config.get<string>('admin.email')	76	EMAIL: config.get<string>('admin.email')
77	},	77	},
78	SIGNUP: {	78	SIGNUP: {
79	ENABLED: config.get<boolean>('signup.enabled')	79	ENABLED: config.get<boolean>('signup.enabled'),
		80	LIMIT: config.get<number>('signup.limit')
80	},	81	},
81	TRANSCODING: {	82	TRANSCODING: {
82	ENABLED: config.get<boolean>('transcoding.enabled'),	83	ENABLED: config.get<boolean>('transcoding.enabled'),


diff --git a/server/middlewares/config.ts b/server/middlewares/config.ts deleted file mode 100644 index 1481e66cc..000000000 --- a/server/middlewares/config.ts +++ /dev/null
@@ -1,20 +0,0 @@
1	import 'express-validator'
2	import * as express from 'express'
3
4	import { CONFIG } from '../initializers'
5
6	function ensureUserRegistrationEnabled (req: express.Request, res: express.Response, next: express.NextFunction) {
7	const registrationEnabled = CONFIG.SIGNUP.ENABLED
8
9	if (registrationEnabled === true) {
10	return next()
11	}
12
13	return res.status(400).send('User registration is not enabled.')
14	}
15
16	// ---------------------------------------------------------------------------
17
18	export {
19	ensureUserRegistrationEnabled
20	}


diff --git a/server/middlewares/index.ts b/server/middlewares/index.ts index 9a3f849a7..d71dd2452 100644 --- a/server/middlewares/index.ts +++ b/server/middlewares/index.ts
@@ -1,6 +1,5 @@
1	export * from './validators'	1	export * from './validators'
2	export * from './admin'	2	export * from './admin'
3	export * from './config'
4	export * from './oauth'	3	export * from './oauth'
5	export * from './pagination'	4	export * from './pagination'
6	export * from './pods'	5	export * from './pods'


diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 38f8aed5b..71e529872 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts
@@ -5,7 +5,7 @@ import * as validator from 'validator'
5		5
6	import { database as db } from '../../initializers/database'	6	import { database as db } from '../../initializers/database'
7	import { checkErrors } from './utils'	7	import { checkErrors } from './utils'
8	import { logger } from '../../helpers'	8	import { isSignupAllowed, logger } from '../../helpers'
9	import { VideoInstance } from '../../models'	9	import { VideoInstance } from '../../models'
10		10
11	function usersAddValidator (req: express.Request, res: express.Response, next: express.NextFunction) {	11	function usersAddValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
@@ -88,11 +88,22 @@ function usersVideoRatingValidator (req: express.Request, res: express.Response,
88	})	88	})
89	}	89	}
90		90
		91	function ensureUserRegistrationAllowed (req: express.Request, res: express.Response, next: express.NextFunction) {
		92	isSignupAllowed().then(allowed => {
		93	if (allowed === false) {
		94	return res.status(403).send('User registration is not enabled or user limit is reached.')
		95	}
		96
		97	return next()
		98	})
		99	}
		100
91	// ---------------------------------------------------------------------------	101	// ---------------------------------------------------------------------------
92		102
93	export {	103	export {
94	usersAddValidator,	104	usersAddValidator,
95	usersRemoveValidator,	105	usersRemoveValidator,
96	usersUpdateValidator,	106	usersUpdateValidator,
97	usersVideoRatingValidator	107	usersVideoRatingValidator,
		108	ensureUserRegistrationAllowed
98	}	109	}


diff --git a/server/tests/api/check-params/users.js b/server/tests/api/check-params/users.js index 2c1189f7a..9e7115da1 100644 --- a/server/tests/api/check-params/users.js +++ b/server/tests/api/check-params/users.js
@@ -513,7 +513,13 @@ describe('Test users API validators', function () {
513	password: 'my super password 4'	513	password: 'my super password 4'
514	}	514	}
515		515
516	requestsUtils.makePostBodyRequest(serverWithRegistrationDisabled.url, registrationPath, serverWithRegistrationDisabled.accessToken, data, done, 400)	516	requestsUtils.makePostBodyRequest(serverWithRegistrationDisabled.url, registrationPath, serverWithRegistrationDisabled.accessToken, data, done, 403)
		517	})
		518	})
		519
		520	describe('When registering multiple users on a server with users limit', function () {
		521	it('Should fail when after 3 registrations', function (done) {
		522	usersUtils.registerUser(server.url, 'user42', 'super password', 403, done)
517	})	523	})
518	})	524	})
519		525


diff --git a/server/tests/api/config.js b/server/tests/api/config.js index e79e12823..f2c00f85a 100644 --- a/server/tests/api/config.js +++ b/server/tests/api/config.js
@@ -8,6 +8,7 @@ const series = require('async/series')
8		8
9	const serversUtils = require('../utils/servers')	9	const serversUtils = require('../utils/servers')
10	const configUtils = require('../utils/config')	10	const configUtils = require('../utils/config')
		11	const usersUtils = require('../utils/users')
11		12
12	describe('Test config', function () {	13	describe('Test config', function () {
13	let server = null	14	let server = null
@@ -28,18 +29,51 @@ describe('Test config', function () {
28	], done)	29	], done)
29	})	30	})
30		31
31	it('Should have a correct config', function (done) {	32	it('Should have a correct config on a server with registration enabled', function (done) {
32	configUtils.getConfig(server.url, function (err, res) {	33	configUtils.getConfig(server.url, function (err, res) {
33	if (err) throw err	34	if (err) throw err
34		35
35	const data = res.body	36	const data = res.body
36		37
37	expect(data.signup.enabled).to.be.truthy	38	expect(data.signup.allowed).to.be.truthy
38		39
39	done()	40	done()
40	})	41	})
41	})	42	})
42		43
		44	it('Should have a correct config on a server with registration enabled and a users limit', function (done) {
		45	series([
		46	function (next) {
		47	usersUtils.registerUser(server.url, 'user1', 'super password', done)
		48	},
		49
		50	function (next) {
		51	usersUtils.registerUser(server.url, 'user2', 'super password', done)
		52	},
		53
		54	function (next) {
		55	usersUtils.registerUser(server.url, 'user3', 'super password', done)
		56	},
		57
		58	function (next) {
		59	usersUtils.registerUser(server.url, 'user4', 'super password', done)
		60	}
		61
		62	], function (err) {
		63	if (err) throw err
		64
		65	configUtils.getConfig(server.url, function (err, res) {
		66	if (err) throw err
		67
		68	const data = res.body
		69
		70	expect(data.signup.allowed).to.be.truthy
		71
		72	done()
		73	})
		74	})
		75	})
		76
43	after(function (done) {	77	after(function (done) {
44	process.kill(-server.app.pid)	78	process.kill(-server.app.pid)
45		79