From a7647d8de2a67679b84ffc0cfa22a609630c9cb8 Mon Sep 17 00:00:00 2001 From: Raphael Michel Date: Mon, 6 Jun 2016 22:58:17 +0200 Subject: [PATCH] Allow to disable login/password reset --- doc/admin/config.rst | 6 ++++++ .../templates/pretixcontrol/auth/login.html | 20 +++++++++++-------- src/pretix/control/views/auth.py | 15 ++++++++++++++ src/pretix/settings.py | 2 ++ 4 files changed, 35 insertions(+), 8 deletions(-) diff --git a/doc/admin/config.rst b/doc/admin/config.rst index 1984b3468..5e8f8dfef 100644 --- a/doc/admin/config.rst +++ b/doc/admin/config.rst @@ -51,6 +51,12 @@ Example:: ``cookie_domain`` The cookie domain to be set. Defaults to ``None``. +``registration`` + Enables or disables the registration of new admin users. Defaults to ``on``. + +``password_reset`` + Enables or disables password reset. Defaults to ``on``. + Locale settings --------------- diff --git a/src/pretix/control/templates/pretixcontrol/auth/login.html b/src/pretix/control/templates/pretixcontrol/auth/login.html index 4717a0043..b8e17be4f 100644 --- a/src/pretix/control/templates/pretixcontrol/auth/login.html +++ b/src/pretix/control/templates/pretixcontrol/auth/login.html @@ -9,19 +9,23 @@ {% bootstrap_field form.email %} {% bootstrap_field form.password %}
- - {% trans "Lost password?" %} - + {% if can_reset %} + + {% trans "Lost password?" %} + + {% endif %}
-
- - {% trans "Register" %} - -
+ {% if can_register %} +
+ + {% trans "Register" %} + +
+ {% endif %} {% endblock %} diff --git a/src/pretix/control/views/auth.py b/src/pretix/control/views/auth.py index 402c009fb..a1a6ccbb7 100644 --- a/src/pretix/control/views/auth.py +++ b/src/pretix/control/views/auth.py @@ -4,6 +4,7 @@ from django.contrib.auth import ( authenticate, login as auth_login, logout as auth_logout, ) from django.contrib.auth.tokens import default_token_generator +from django.core.exceptions import PermissionDenied from django.shortcuts import redirect, render from django.utils.functional import cached_property from django.utils.translation import ugettext_lazy as _ @@ -35,6 +36,8 @@ def login(request): else: form = LoginForm() ctx['form'] = form + ctx['can_register'] = settings.PRETIX_REGISTRATION + ctx['can_reset'] = settings.PRETIX_PASSWORD_RESET return render(request, 'pretixcontrol/auth/login.html', ctx) @@ -50,6 +53,8 @@ def register(request): """ Render and process a basic registration form. """ + if not settings.PRETIX_REGISTRATION: + raise PermissionDenied('Registration is disabled') ctx = {} if request.user.is_authenticated(): return redirect(request.GET.get("next", 'control:index')) @@ -74,6 +79,11 @@ def register(request): class Forgot(TemplateView): template_name = 'pretixcontrol/auth/forgot.html' + def dispatch(self, request, *args, **kwargs): + if not settings.PRETIX_PASSWORD_RESET: + raise PermissionDenied('Password reset is disabled') + return super().dispatch(request, *args, **kwargs) + def get(self, request, *args, **kwargs): if request.user.is_authenticated(): return redirect(request.GET.get("next", 'control:index')) 
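Review bot: The new guard at the top of `register` is not covered by any test in this patch; the diffstat lists only the docs, the template, `auth.py` and `settings.py`, and the same holds for the two `dispatch` guards further down. The template change only hides the links, so the 403 raised by the view is the actual control. A test that runs under `override_settings(PRETIX_REGISTRATION=False)` and asserts a 403 for both GET and POST would keep it from regressing. The message is also a plain string while the rest of the module wraps user-facing text in `_()`; `raise PermissionDenied(_('Registration is disabled'))` would match. The body of `register` continues outside the hunk.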
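Review bot: The `dispatch` override added to `Forgot` is repeated verbatim in `Recover` in the next hunk, so the password-reset gate lives in two copies. A reset-related view added later would have to remember to paste it a third time. Moving the check into one small mixin that both views inherit keeps the control in a single place and makes a missing gate visible in the class header. Both class bodies continue outside their hunks, so only the mixin and the changed class lines are shown below.

```python
class PasswordResetEnabledMixin:
    """Answer every request with 403 while password reset is switched off in the config."""

    def dispatch(self, request, *args, **kwargs):
        if not settings.PRETIX_PASSWORD_RESET:
            raise PermissionDenied('Password reset is disabled')
        return super().dispatch(request, *args, **kwargs)


class Forgot(PasswordResetEnabledMixin, TemplateView):
    # … unchanged: template_name, get, post …


class Recover(PasswordResetEnabledMixin, TemplateView):
    # … unchanged: template_name, error_messages, get, post …
```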
@@ -128,6 +138,11 @@ class Recover(TemplateView): 'unknownuser': _('We were unable to find the user you requested a new password for.') } + def dispatch(self, request, *args, **kwargs): + if not settings.PRETIX_PASSWORD_RESET: + raise PermissionDenied('Password reset is disabled') + return super().dispatch(request, *args, **kwargs) + def get(self, request, *args, **kwargs): if request.user.is_authenticated(): return redirect(request.GET.get("next", 'control:index')) diff --git a/src/pretix/settings.py b/src/pretix/settings.py index aa7b2679d..192eac39e 100644 --- a/src/pretix/settings.py +++ b/src/pretix/settings.py @@ -60,6 +60,8 @@ STATIC_URL = config.get('urls', 'static', fallback='/static/') MEDIA_URL = config.get('urls', 'media', fallback='/media/') PRETIX_INSTANCE_NAME = config.get('pretix', 'instance_name', fallback='pretix.de') +PRETIX_REGISTRATION = config.getboolean('pretix', 'registration', fallback=True) +PRETIX_PASSWORD_RESET = config.getboolean('pretix', 'password_reset', fallback=True) SITE_URL = config.get('pretix', 'url', fallback='http://localhost')
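Review bot: The two new settings in `settings.py` have no comment saying what they gate, and both fall back to `True`, so an instance whose config file omits them keeps self-service registration of admin users and password reset open. That preserves the previous behaviour, but it is worth stating next to the definitions, for example `# Control-panel sign-up and password reset; both stay enabled unless [pretix] registration/password_reset is set to off.` It may also help for `doc/admin/config.rst` to suggest turning `registration` off once the initial admin accounts exist, though that is a judgement call for the maintainers.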