From 7a6b2e0f62d7ffdb2defec0862765a13897d3f96 Mon Sep 17 00:00:00 2001
From: Kim Gustyr <kim.gustyr@flagsmith.com>
Date: Wed, 23 Oct 2024 16:08:08 +0100
Subject: [PATCH] feat: Support `PREVENT_EMAIL_PASSWORD` in backend (#4765)

---
 api/app/settings/common.py     | 6 +++++-
 api/custom_auth/permissions.py | 5 +++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/api/app/settings/common.py b/api/app/settings/common.py
index 5393b9414207..bd20132245b2 100644
--- a/api/app/settings/common.py
+++ b/api/app/settings/common.py
@@ -790,6 +790,9 @@
 USER_CREATE_PERMISSIONS = env.list(
     "USER_CREATE_PERMISSIONS", default=["custom_auth.permissions.IsSignupAllowed"]
 )
+USER_LOGIN_PERMISSIONS = env.list(
+    "USER_LOGIN_PERMISSIONS", default=["custom_auth.permissions.IsPasswordLoginAllowed"]
+)
 
 DJOSER = {
     "PASSWORD_RESET_CONFIRM_URL": "password-reset/confirm/{uid}/{token}",
@@ -817,6 +820,7 @@
         "user": ["custom_auth.permissions.CurrentUser"],
         "user_list": ["custom_auth.permissions.CurrentUser"],
         "user_create": USER_CREATE_PERMISSIONS,
+        "token_create": USER_LOGIN_PERMISSIONS,
     },
 }
 SIMPLE_JWT = {
@@ -895,7 +899,6 @@
 API_URL = env("API_URL", default="/api/v1/")
 ASSET_URL = env("ASSET_URL", default="/")
 MAINTENANCE_MODE = env.bool("MAINTENANCE_MODE", default=False)
-PREVENT_EMAIL_PASSWORD = env.bool("PREVENT_EMAIL_PASSWORD", default=False)
 DISABLE_ANALYTICS_FEATURES = env.bool(
     "DISABLE_INFLUXDB_FEATURES", default=False
 ) or env.bool("DISABLE_ANALYTICS_FEATURES", default=False)
@@ -1032,6 +1035,7 @@
 
 DISABLE_INVITE_LINKS = env.bool("DISABLE_INVITE_LINKS", False)
 PREVENT_SIGNUP = env.bool("PREVENT_SIGNUP", default=False)
+PREVENT_EMAIL_PASSWORD = env.bool("PREVENT_EMAIL_PASSWORD", default=False)
 COOKIE_AUTH_ENABLED = env.bool("COOKIE_AUTH_ENABLED", default=False)
 USE_SECURE_COOKIES = env.bool("USE_SECURE_COOKIES", default=True)
 COOKIE_SAME_SITE = env.str("COOKIE_SAME_SITE", default="none")
diff --git a/api/custom_auth/permissions.py b/api/custom_auth/permissions.py
index 4910456e19a1..bf61050734e6 100644
--- a/api/custom_auth/permissions.py
+++ b/api/custom_auth/permissions.py
@@ -19,3 +19,8 @@ def has_object_permission(self, request, view, obj):
 class IsSignupAllowed(AllowAny):
     def has_permission(self, request: Request, view: View) -> bool:
         return not settings.PREVENT_SIGNUP
+
+
+class IsPasswordLoginAllowed(AllowAny):
+    def has_permission(self, request: Request, view: View) -> bool:
+        return not settings.PREVENT_EMAIL_PASSWORD