Merge pull request #2688 from onaio/2686-user-creation-configuration

Add config to disable user creation

onadata/apps/api/tests/viewsets/test_user_profile_viewset.py

@@ -290,6 +290,21 @@ def test_profile_create(self, mock_send_verification_email):
         self.assertTrue(user.is_active)
         self.assertTrue(user.check_password(password), password)
 
+    @override_settings(DISABLE_CREATING_USERS=True)
+    def test_block_profile_create(self):
+        data = _profile_data()
+        request = self.factory.post(
+            "/api/v1/profiles",
+            data=json.dumps(data),
+            content_type="application/json",
+            **self.extra,
+        )
+        response = self.view(request)
+        self.assertEqual(
+            str(response.data["detail"]),
+            "You do not have permission to create user.")
+        self.assertEqual(response.status_code, 403)
+
     def _create_user_using_profiles_endpoint(self, data):
         request = self.factory.post(
             "/api/v1/profiles",

onadata/apps/api/viewsets/user_profile_viewset.py

@@ -20,7 +20,7 @@
 from registration.models import RegistrationProfile
 from rest_framework import serializers, status
 from rest_framework.decorators import action
-from rest_framework.exceptions import ParseError
+from rest_framework.exceptions import ParseError, PermissionDenied
 from rest_framework.filters import OrderingFilter
 from rest_framework.generics import get_object_or_404
 from rest_framework.response import Response
@@ -224,6 +224,12 @@ def retrieve(self, request, *args, **kwargs):
 
     def create(self, request, *args, **kwargs):
         """Create and cache user profile"""
+        disable_user_creation = getattr(settings, "DISABLE_CREATING_USERS", False)
+        if disable_user_creation:
+            raise PermissionDenied(
+                _("You do not have permission to create user.")
+            )
+
         response = super().create(request, *args, **kwargs)
         profile = response.data
         user_name = profile.get("username")

onadata/settings/common.py

@@ -185,6 +185,9 @@
 # needed by guardian
 ANONYMOUS_DEFAULT_USERNAME = "AnonymousUser"
 
+# disable creating users
+DISABLE_CREATING_USERS = False
+
 INSTALLED_APPS = (
     "django.contrib.contenttypes",
     "django.contrib.auth",

onadata/settings/github_actions_test.py

@@ -69,3 +69,6 @@
 ODK_TOKEN_FERNET_KEY = "ROsB4T8s1rCJskAdgpTQEKfH2x2K_EX_YBi3UFyoYng="  # nosec
 OPENID_CONNECT_PROVIDERS = {}
 AUTH_PASSWORD_VALIDATORS = []
+
+# disable user creation
+DISABLE_CREATING_USERS = False