✨ Improve disabled registry flows

2025-05-25 05:46:12 +02:00 · 2024-08-19 15:42:54 +02:00 · 2024-08-19 15:42:54 +02:00 · cd51f2f652
commit cd51f2f652
parent 00bb988ecc
6 changed files with 99 additions and 30 deletions
--- a/backend/src/app/rpc/commands/auth.clj
+++ b/backend/src/app/rpc/commands/auth.clj
@ -180,10 +180,11 @@
 (defn- validate-register-attempt!
  [cfg params]

-  (when-not (contains? cf/flags :registration)
-    (when-not (contains? params :invitation-token)
-      (ex/raise :type :restriction
-                :code :registration-disabled)))
+  (when (or
+         (not (contains? cf/flags :registration))
+         (not (contains? cf/flags :login-with-password)))
+    (ex/raise :type :restriction
+              :code :registration-disabled))

  (when (contains? params :invitation-token)
    (let [invitation (tokens/verify (::setup/props cfg)
--- a/backend/src/app/rpc/commands/verify_token.clj
+++ b/backend/src/app/rpc/commands/verify_token.clj
@ -8,6 +8,7 @@
  (:require
   [app.common.exceptions :as ex]
   [app.common.spec :as us]
+   [app.config :as cf]
   [app.db :as db]
   [app.db.sql :as-alias sql]
   [app.http.session :as session]
@ -152,11 +153,12 @@

  (us/verify! ::team-invitation-claims claims)

-  (let [invitation (db/get* conn :team-invitation
-                            {:team-id team-id :email-to member-email})
-        profile    (db/get* conn :profile
-                            {:id profile-id}
-                            {:columns [:id :email]})]
+  (let [invitation             (db/get* conn :team-invitation
+                                        {:team-id team-id :email-to member-email})
+        profile                (db/get* conn :profile
+                                        {:id profile-id}
+                                        {:columns [:id :email]})
+        registration-disabled? (not (contains? cf/flags :registration))]
    (when (nil? invitation)
      (ex/raise :type :validation
                :code :invalid-token
@ -185,12 +187,12 @@
                  :hint "logged-in user does not matches the invitation"))

      ;; If we have not logged-in user, and invitation comes with member-id we
-      ;; redirect user to login, if no memeber-id is present in the invitation
-      ;; token, we redirect user the the register page.
+      ;; redirect user to login, if no memeber-id is present and  in the invitation
+      ;; token and registration is enabled, we redirect user the the register page.

      {:invitation-token token
       :iss :team-invitation
-       :redirect-to (if member-id :auth-login :auth-register)
+       :redirect-to (if (or member-id registration-disabled?) :auth-login :auth-register)
       :state :pending})))

 ;; --- Default