🔥 Remove USERS_OPEN_REGISTRATION config, make registration enabled by default

.env

@@ -13,7 +13,6 @@ BACKEND_CORS_ORIGINS="http://localhost,http://localhost:5173,https://localhost,h
 SECRET_KEY=changethis
 FIRST_SUPERUSER=admin@example.com
 FIRST_SUPERUSER_PASSWORD=changethis
-USERS_OPEN_REGISTRATION=True
 
 # Emails
 SMTP_HOST=

backend/README.md

@@ -63,16 +63,6 @@ Make sure your editor is using the correct Python virtual environment.
 
 Modify or add SQLModel models for data and SQL tables in `./backend/app/models.py`, API endpoints in `./backend/app/api/`, CRUD (Create, Read, Update, Delete) utils in `./backend/app/crud.py`.
 
-### Enabling Open User Registration
-
-By default the backend has user registration disabled, but there's already a route to register users. If you want to allow users to register themselves, you can set the environment variable `USERS_OPEN_REGISTRATION` to `True` in the `.env` file.
-
-After modifying the environment variables, restart the Docker containers to apply the changes. You can do this by running:
-
-```console
-$ docker compose up -d
-```
-
 ### VS Code
 
 There are already configurations in place to run the backend through the VS Code debugger, so that you can use breakpoints, pause and explore variables, etc.

backend/app/api/routes/users.py

@@ -146,11 +146,6 @@ def register_user(session: SessionDep, user_in: UserRegister) -> Any:
  """
  Create new user without the need to be logged in.
  """
- if not settings.USERS_OPEN_REGISTRATION:
- raise HTTPException(
- status_code=403,
- detail="Open user registration is forbidden on this server",
- )
  user = crud.get_user_by_email(session=session, email=user_in.email)
  if user:
  raise HTTPException(

backend/app/core/config.py

@@ -94,7 +94,6 @@ def emails_enabled(self) -> bool:
  # TODO: update type to EmailStr when sqlmodel supports it
  FIRST_SUPERUSER: str
  FIRST_SUPERUSER_PASSWORD: str
- USERS_OPEN_REGISTRATION: bool = False
 
  def _check_default_secret(self, var_name: str, value: str | None) -> None:
  if value == "changethis":

backend/app/tests/api/routes/test_users.py

@@ -283,62 +283,41 @@ def test_update_password_me_same_password_error(
 
 
 def test_register_user(client: TestClient, db: Session) -> None:
- with patch("app.core.config.settings.USERS_OPEN_REGISTRATION", True):
- username = random_email()
- password = random_lower_string()
- full_name = random_lower_string()
- data = {"email": username, "password": password, "full_name": full_name}
- r = client.post(
- f"{settings.API_V1_STR}/users/signup",
- json=data,
- )
- assert r.status_code == 200
- created_user = r.json()
- assert created_user["email"] == username
- assert created_user["full_name"] == full_name
-
- user_query = select(User).where(User.email == username)
- user_db = db.exec(user_query).first()
- assert user_db
- assert user_db.email == username
- assert user_db.full_name == full_name
- assert verify_password(password, user_db.hashed_password)
-
+ username = random_email()
+ password = random_lower_string()
+ full_name = random_lower_string()
+ data = {"email": username, "password": password, "full_name": full_name}
+ r = client.post(
+ f"{settings.API_V1_STR}/users/signup",
+ json=data,
+ )
+ assert r.status_code == 200
+ created_user = r.json()
+ assert created_user["email"] == username
+ assert created_user["full_name"] == full_name
 
-def test_register_user_forbidden_error(client: TestClient) -> None:
- with patch("app.core.config.settings.USERS_OPEN_REGISTRATION", False):
- username = random_email()
- password = random_lower_string()
- full_name = random_lower_string()
- data = {"email": username, "password": password, "full_name": full_name}
- r = client.post(
- f"{settings.API_V1_STR}/users/signup",
- json=data,
- )
- assert r.status_code == 403
- assert (
- r.json()["detail"] == "Open user registration is forbidden on this server"
- )
+ user_query = select(User).where(User.email == username)
+ user_db = db.exec(user_query).first()
+ assert user_db
+ assert user_db.email == username
+ assert user_db.full_name == full_name
+ assert verify_password(password, user_db.hashed_password)
 
 
 def test_register_user_already_exists_error(client: TestClient) -> None:
- with patch("app.core.config.settings.USERS_OPEN_REGISTRATION", True):
- password = random_lower_string()
- full_name = random_lower_string()
- data = {
- "email": settings.FIRST_SUPERUSER,
- "password": password,
- "full_name": full_name,
- }
- r = client.post(
- f"{settings.API_V1_STR}/users/signup",
- json=data,
- )
- assert r.status_code == 400
- assert (
- r.json()["detail"]
- == "The user with this email already exists in the system"
- )
+ password = random_lower_string()
+ full_name = random_lower_string()
+ data = {
+ "email": settings.FIRST_SUPERUSER,
+ "password": password,
+ "full_name": full_name,
+ }
+ r = client.post(
+ f"{settings.API_V1_STR}/users/signup",
+ json=data,
+ )
+ assert r.status_code == 400
+ assert r.json()["detail"] == "The user with this email already exists in the system"
 
 
 def test_update_user(

deployment.md

@@ -133,7 +133,6 @@ You can set several variables, like:
 * `SECRET_KEY`: The secret key for the FastAPI project, used to sign tokens.
 * `FIRST_SUPERUSER`: The email of the first superuser, this superuser will be the one that can create new users.
 * `FIRST_SUPERUSER_PASSWORD`: The password of the first superuser.
-* `USERS_OPEN_REGISTRATION`: Whether to allow open registration of new users.
 * `SMTP_HOST`: The SMTP server host to send emails, this would come from your email provider (E.g. Mailgun, Sparkpost, Sendgrid, etc).
 * `SMTP_USER`: The SMTP server user to send emails.
 * `SMTP_PASSWORD`: The SMTP server password to send emails.

docker-compose.yml

@@ -52,7 +52,6 @@ services:
  - SECRET_KEY=${SECRET_KEY?Variable not set}
  - FIRST_SUPERUSER=${FIRST_SUPERUSER?Variable not set}
  - FIRST_SUPERUSER_PASSWORD=${FIRST_SUPERUSER_PASSWORD?Variable not set}
- - USERS_OPEN_REGISTRATION=${USERS_OPEN_REGISTRATION}
  - SMTP_HOST=${SMTP_HOST}
  - SMTP_USER=${SMTP_USER}
  - SMTP_PASSWORD=${SMTP_PASSWORD}