fix (backend): finer grained registration control for Single Sign On (#11190) (#11192)

github-actions[bot] · matmair · web-flow · commit 3ad9322daa0e · 2026-01-23T00:09:04.000+11:00
* finer grained registration control for Single Sign On Fixes #11162 * fix for python 3.11 (cherry picked from commit 060e917) Co-authored-by: Matthias Mair <code@mjmair.com>
diff --git a/src/backend/InvenTree/InvenTree/auth_overrides.py b/src/backend/InvenTree/InvenTree/auth_overrides.py
@@ -1,5 +1,7 @@
 """Overrides for allauth and adjacent packages to enforce InvenTree specific auth settings and restirctions."""
 
+from typing import Literal
+
 from django import forms
 from django.conf import settings
 from django.contrib.auth.models import Group
@@ -14,7 +16,6 @@
 from allauth.headless.adapter import DefaultHeadlessAdapter
 from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
 
-import InvenTree.sso
 from common.settings import get_global_setting
 from InvenTree.exceptions import log_error
 
@@ -85,12 +86,12 @@ def clean(self):
         return cleaned_data
 
 
-def registration_enabled():
+RegistrationKeys = Literal['LOGIN_ENABLE_REG', 'LOGIN_ENABLE_SSO_REG']
+
+
+def registration_enabled(setting_name: RegistrationKeys = 'LOGIN_ENABLE_REG'):
     """Determine whether user registration is enabled."""
-    if (
-        get_global_setting('LOGIN_ENABLE_REG')
-        or InvenTree.sso.sso_registration_enabled()
-    ):
+    if get_global_setting(setting_name):
         if is_email_configured():
             return True
         else:
@@ -103,12 +104,14 @@ def registration_enabled():
 class RegistrationMixin:
     """Mixin to check if registration should be enabled."""
 
+    REGISTRATION_SETTING: RegistrationKeys = 'LOGIN_ENABLE_REG'
+
     def is_open_for_signup(self, request, *args, **kwargs):
         """Check if signup is enabled in settings.
 
         Configure the class variable `REGISTRATION_SETTING` to set which setting should be used, default: `LOGIN_ENABLE_REG`.
         """
-        if registration_enabled():
+        if registration_enabled(self.REGISTRATION_SETTING):
             return super().is_open_for_signup(request, *args, **kwargs)
         return False
 
@@ -187,6 +190,8 @@ def send_password_reset_mail(self, user, email, context):
 class CustomSocialAccountAdapter(RegistrationMixin, DefaultSocialAccountAdapter):
     """Override of adapter to use dynamic settings."""
 
+    REGISTRATION_SETTING = 'LOGIN_ENABLE_SSO_REG'
+
     def is_auto_signup_allowed(self, request, sociallogin):
         """Check if auto signup is enabled in settings."""
         if get_global_setting('LOGIN_SIGNUP_SSO_AUTO', True):
