refactor(backend): SSO registration cleanup (#11239) (#11241)

* add more debugging and remove possible problematic inheritance

* remove unused functions

* remove extra conversion

* ensure cirrect type is used

---------


(cherry picked from commit e607756)

Co-authored-by: Matthias Mair <code@mjmair.com>
Co-authored-by: Oliver <oliver.henry.walters@gmail.com>

Author: 3 people

docs/docs/settings/error_codes.md

@@ -174,6 +174,13 @@ Therefore the registration user interface elements will not be shown.
 
 To enable registration, the email settings must be configured correctly. See  [email configuration](../start/config.md#email-settings).
 
+#### INVE-W12
+**Signup attempt blocked because registration is disabled - Backend**
+
+A user attempted to sign up but registration is currently disabled via the system settings. This is to prevent unauthorized or unwanted user registrations.
+
+To enable registration, adjust the relevant settings (for regular or SSO registration) to allow user signups.
+
 ### INVE-I (InvenTree Information)
 Information — These are not errors but information messages. They might point out potential issues or just provide information.
 

src/backend/InvenTree/InvenTree/api.py

@@ -25,7 +25,6 @@
 from InvenTree import helpers
 from InvenTree.auth_overrides import registration_enabled
 from InvenTree.mixins import ListCreateAPI
-from InvenTree.sso import sso_registration_enabled
 from plugin.serializers import MetadataSerializer
 from users.models import ApiToken
 from users.permissions import check_user_permission
@@ -318,8 +317,8 @@ def get(self, request, *args, **kwargs):
             if (is_staff and settings.INVENTREE_ADMIN_ENABLED)
             else None,
             'settings': {
-                'sso_registration': sso_registration_enabled(),
-                'registration_enabled': registration_enabled(),
+                'sso_registration': registration_enabled('LOGIN_ENABLE_SSO_REG'),
+                'registration_enabled': registration_enabled('LOGIN_ENABLE_REG'),
                 'password_forgotten_enabled': get_global_setting(
                     'LOGIN_ENABLE_PWD_FORGOT'
                 ),

src/backend/InvenTree/InvenTree/auth_overrides.py

@@ -19,6 +19,7 @@
 from common.settings import get_global_setting
 from InvenTree.exceptions import log_error
 
+from .helpers import str2bool
 from .helpers_email import is_email_configured
 
 logger = structlog.get_logger('inventree')
@@ -91,7 +92,7 @@ def clean(self):
 
 def registration_enabled(setting_name: RegistrationKeys = 'LOGIN_ENABLE_REG'):
     """Determine whether user registration is enabled."""
-    if get_global_setting(setting_name):
+    if str2bool(get_global_setting(setting_name)):
         if is_email_configured():
             return True
         else:
@@ -112,7 +113,10 @@ def is_open_for_signup(self, request, *args, **kwargs):
         Configure the class variable `REGISTRATION_SETTING` to set which setting should be used, default: `LOGIN_ENABLE_REG`.
         """
         if registration_enabled(self.REGISTRATION_SETTING):
-            return super().is_open_for_signup(request, *args, **kwargs)
+            return True
+        logger.warning(
+            f'INVE-W12: Signup attempt blocked, because registration is disabled via setting {self.REGISTRATION_SETTING}.'
+        )
         return False
 
     def clean_email(self, email):

src/backend/InvenTree/InvenTree/sso.py

@@ -10,7 +10,6 @@
 from allauth.socialaccount.models import SocialAccount, SocialLogin
 
 from common.settings import get_global_setting
-from InvenTree.helpers import str2bool
 
 logger = structlog.get_logger('inventree')
 
@@ -69,21 +68,6 @@ def provider_display_name(provider):
     return provider.name
 
 
-def sso_login_enabled() -> bool:
-    """Return True if SSO login is enabled."""
-    return str2bool(get_global_setting('LOGIN_ENABLE_SSO'))
-
-
-def sso_registration_enabled() -> bool:
-    """Return True if SSO registration is enabled."""
-    return str2bool(get_global_setting('LOGIN_ENABLE_SSO_REG'))
-
-
-def auto_registration_enabled() -> bool:
-    """Return True if SSO auto-registration is enabled."""
-    return str2bool(get_global_setting('LOGIN_SIGNUP_SSO_AUTO'))
-
-
 def ensure_sso_groups(sender, sociallogin: SocialLogin, **kwargs):
     """Sync groups from IdP each time a SSO user logs on.