From d0e9c052837e3cb4cb57d2093ffdc09329d7f523 Mon Sep 17 00:00:00 2001
From: Herculino Trotta
Date: Sat, 27 Jun 2026 18:02:03 -0300
Subject: [PATCH] feat: disable oauth and token creation while on demo mode
---
 app/WYGIWYH/urls.py | 28 +++++++++++++++++++++++++---
 app/apps/users/views.py | 2 ++
 2 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/app/WYGIWYH/urls.py b/app/WYGIWYH/urls.py
index d417260..0a44285 100644
--- a/app/WYGIWYH/urls.py
+++ b/app/WYGIWYH/urls.py
@@ -22,10 +22,29 @@ from drf_spectacular.views import (
 SpectacularSwaggerView,
 )
 from allauth.socialaccount.providers.openid_connect.views import login, callback
+from apps.common.decorators.demo import disabled_on_demo
 from apps.common.oauth_views import (
 authorization_server_metadata,
 dynamic_client_registration,
 )
+from oauth2_provider import urls as _dot_urls
+
+
+def _decorate_included(patterns, decorator):
+ """Apply ``decorator`` to every view callback inside an included URLconf.
+
+ django.urls does not support decorating ``include()`` directly, so we wrap
+ each URLPattern's callback here. The OAuth2 endpoints issue credentials, so
+ gate them behind the same DEMO-mode guard used elsewhere.
+ """
+ wrapped = []
+ for pattern in patterns:
+ pattern.callback = decorator(pattern.callback)
+ wrapped.append(pattern)
+ return wrapped
+
+
+_oauth_patterns = _decorate_included(_dot_urls.urlpatterns, disabled_on_demo)
 
 
 urlpatterns = [
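Review bot: `_decorate_included` rebinds `pattern.callback` on the pattern objects owned by `oauth2_provider.urls`, so the wrapping leaks to every other consumer of that module-level list and is stacked again if this URLconf is re-imported. Wrapping a shallow copy keeps the change local: `wrapped.append(copy.copy(pattern))` followed by `wrapped[-1].callback = decorator(pattern.callback)`, with `copy` imported at the top of the file. The loop also assumes a flat URLconf; a nested `include()` would show up as a `URLResolver` with no view callback to wrap, so either guard on the entry type or say in the docstring that only flat pattern lists are supported. `disabled_on_demo` is defined outside this diff: if it does not use `functools.wraps`, view attributes such as `csrf_exempt` would be dropped and POSTs to the toolkit's token endpoint could start failing CSRF checks even with demo mode off, so a test that exercises that endpoint in normal mode is worth adding.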
@@ -43,15 +62,18 @@ urlpatterns = [
 name="swagger-ui",
 ),
 path("auth/", include("allauth.urls")), # allauth urls
- path("oauth/", include("oauth2_provider.urls", namespace="oauth2_provider")),
+ path(
+ "oauth/",
+ include((_oauth_patterns, _dot_urls.app_name), namespace="oauth2_provider"),
+ ),
 path(
 ".well-known/oauth-authorization-server",
- authorization_server_metadata,
+ disabled_on_demo(authorization_server_metadata),
 name="oauth-authorization-server-metadata",
 ),
 path(
 "oauth/register/",
- dynamic_client_registration,
+ disabled_on_demo(dynamic_client_registration),
 name="oauth-dynamic-client-registration",
 ),
 # path("auth/oidc//login/", login, name="openid_connect_login"),
diff --git a/app/apps/users/views.py b/app/apps/users/views.py
index a29ace4..986020d 100644
--- a/app/apps/users/views.py
+++ b/app/apps/users/views.py
@@ -139,6 +139,7 @@ def _render_api_tokens(request, *, form=None, raw_token=None):
 
 @only_htmx
 @htmx_login_required
+@disabled_on_demo
 @require_http_methods(["POST"])
 def api_token_add(request):
 form = APITokenCreateForm(request.POST)
@@ -156,6 +157,7 @@ def api_token_add(request):
 
 @only_htmx
 @htmx_login_required
+@disabled_on_demo
 @require_http_methods(["DELETE"])
 def api_token_revoke(request, token_id):
 token = get_object_or_404(APIToken, id=token_id, user=request.user)
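Review bot: `@disabled_on_demo` is applied to `api_token_add` in `app/apps/users/views.py` (and to `api_token_revoke` in the following hunk), but neither hunk adds an import for it, and the diffstat shows only these two added lines in that file. If the name is not already imported at the top of the module, loading the views raises `NameError` and the URLconf fails with it. The import block is outside the hunks, so this needs confirming; add `from apps.common.decorators.demo import disabled_on_demo` if it is missing. The body of `api_token_add` continues outside the hunk.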
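Review bot: Guarding `api_token_revoke` in `app/apps/users/views.py` blocks revocation as well as creation, which goes beyond the commit title and removes the one action that reduces exposure: an API token that already exists while demo mode is on can no longer be revoked from the UI. If that is intentional, for example to keep seeded demo data intact, say so above the decorator with something like `# demo: token list is read-only, revocation is blocked on purpose`. Otherwise drop `@disabled_on_demo` from this view and keep it only on `api_token_add`. The body of `api_token_revoke` continues outside the hunk.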