fix: User creation through API when signups are supposed to be disabled (#2622)

* fix user creation when signups are supposed to be diabled * add user registration tests * run formatter * fix test filename --------- Co-authored-by: Michael Genson <71845777+michael-genson@users.noreply.github.com>
2025-07-09 03:04:54 -04:00 · 2023-10-16 20:45:47 +02:00 · 2023-10-16 20:45:47 +02:00 · 15f79d1586
commit 15f79d1586
parent ebe11da343
2 changed files with 39 additions and 5 deletions
--- a/mealie/services/user_services/registration_service.py
+++ b/mealie/services/user_services/registration_service.py
@ -63,14 +63,10 @@ class RegistrationService:
        elif self.repos.users.get_one(registration.email, "email"):
            raise HTTPException(status.HTTP_409_CONFLICT, {"message": self.t("exceptions.email-conflict-error")})

-        self.logger.info(f"Registering user {registration.username}")
        token_entry = None
        new_group = False

-        if registration.group:
-            new_group = True
-            group = self._register_new_group()
-        elif registration.group_token and registration.group_token != "":
+        if registration.group_token and registration.group_token != "":
            token_entry = self.repos.group_invite_tokens.get_one(registration.group_token)
            if not token_entry:
                raise HTTPException(status.HTTP_400_BAD_REQUEST, {"message": "Invalid group token"})
@ -81,9 +77,13 @@ class RegistrationService:
                raise HTTPException(status.HTTP_400_BAD_REQUEST, {"message": "Invalid group token"})

            group = maybe_none_group
+        elif registration.group:
+            new_group = True
+            group = self._register_new_group()
        else:
            raise HTTPException(status.HTTP_400_BAD_REQUEST, {"message": "Missing group"})

+        self.logger.info(f"Registering user {registration.username}")
        user = self._create_new_user(group, new_group)

        if new_group and registration.seed_data:
--- a/tests/integration_tests/user_tests/test_user_registration.py
+++ b/tests/integration_tests/user_tests/test_user_registration.py
@ -0,0 +1,34 @@
+import random
+import string
+
+from fastapi.testclient import TestClient
+from mealie.core.config import get_app_settings
+from tests.utils import api_routes
+from tests.utils.factories import user_registration_factory
+
+
+def test_register_user(api_client: TestClient, monkeypatch):
+    # create random registration
+    registration = user_registration_factory()
+
+    # signup disabled but valid request
+    monkeypatch.setenv("ALLOW_SIGNUP", "False")
+    get_app_settings.cache_clear()
+    response = api_client.post(api_routes.users_register, json=registration.dict(by_alias=True))
+    assert response.status_code == 403
+
+    # signup disabled, request includes non valid group token
+    registration.group_token = "".join(random.choice(string.ascii_lowercase + string.digits) for _ in range(10)).strip()
+    response = api_client.post(api_routes.users_register, json=registration.dict(by_alias=True))
+    assert response.status_code == 400
+
+    # signup enabled but contains non valid group token
+    monkeypatch.setenv("ALLOW_SIGNUP", "True")
+    get_app_settings.cache_clear()
+    response = api_client.post(api_routes.users_register, json=registration.dict(by_alias=True))
+    assert response.status_code == 400
+
+    # signup enabled and valid request
+    registration.group_token = None
+    response = api_client.post(api_routes.users_register, json=registration.dict(by_alias=True))
+    assert response.status_code == 201