Optionally allow the Raintale GUI to require user authentication for all users after install
Opened this issue · 3 comments
As identified by @ato, an organization may only wish to accept Raintale templates from trusted individuals.
This will require two actions:
- when completing the documentation for the Raintale GUI, we will have to provide at least a link to instructions for creating a superuser and adding users via the Django administrator interface
- we will need to disable the Registration link on the main page if a user requests it during or after installation
Addressing #1 will not be accomplished until we complete the Raintale GUI documentation.
Addressing #2 requires that an installer disable the /accounts/register/ endpoint with the following steps.
After reviewing Wooey's source code and testing locally, I've determined that the installer can disable that by setting WOOEY_REGISTER_URL to None. inside settings/user_settings.py.
Finally, to ensure that only authenticated users are allowed to execute Raintale scripts, the installer will set WOOEY_ALLOW_ANONYMOUS from settings/user_settings.py to False.
So, to summarize, install-gui.sh should:
- accept a flag indicating that the user wishes to install the system without registration
- if that flag is set, it will set
WOOEY_REGISTER_URLtoNoneinsidesettings/user_settings.py - if that flag is set, it will set
WOOEY_ALLOW_ANONYMOUStoFalseinsidesettings/user_settings.py
I tested this and can confirm adding these two lines to /opt/raintale/raintale_with_wooey/raintale_with_wooey/settings/user_settings.py and restarting the raintale-django service disables user registration and anonymous script access.
WOOEY_REGISTER_URL=None
WOOEY_ALLOW_ANONYMOUS=False
Now I just need to create a helper script to make this possible. Thanks for testing it.
This still needs work, but I am removing this from the project as part of the IIPC 2021 Grant project closeout.