| |
@@ -150,6 +150,30 @@
|
| |
self.assertEqual(3, len(items))
|
| |
|
| |
@patch.dict("pagure.config.config", {"PAGURE_AUTH": "local"})
|
| |
+ @patch.dict("pagure.config.config", {"ALLOW_USER_REGISTRATION": False})
|
| |
+ @patch("pagure.lib.notify.send_email", MagicMock(return_value=True))
|
| |
+ def test_new_user_disabled(self):
|
| |
+ """ Test the disabling of the new_user endpoint. """
|
| |
+
|
| |
+ # Check before:
|
| |
+ items = pagure.lib.query.search_user(self.session)
|
| |
+ self.assertEqual(2, len(items))
|
| |
+
|
| |
+ # Attempt to access the new user page
|
| |
+ output = self.app.get("/user/new", follow_redirects=True)
|
| |
+ self.assertEqual(output.status_code, 200)
|
| |
+ self.assertIn(
|
| |
+ "<title>Login - Pagure</title>", output.get_data(as_text=True)
|
| |
+ )
|
| |
+ self.assertIn(
|
| |
+ "User registration is disabled.", output.get_data(as_text=True)
|
| |
+ )
|
| |
+
|
| |
+ # Check after:
|
| |
+ items = pagure.lib.query.search_user(self.session)
|
| |
+ self.assertEqual(2, len(items))
|
| |
+
|
| |
+ @patch.dict("pagure.config.config", {"PAGURE_AUTH": "local"})
|
| |
@patch.dict("pagure.config.config", {"CHECK_SESSION_IP": False})
|
| |
def test_do_login(self):
|
| |
""" Test the do_login endpoint. """
|
| |
For public/private Pagure instances where it is intended to be used
by a single user, having the ability to turn off user registration
prevents confusion and closes an avenue of potential denial of service
attacks.
Fixes https://pagure.io/pagure/issue/4972
Signed-off-by: Neal Gompa ngompa13@gmail.com