Let users override registration limit w/ special URL (bug 701166)

2011-11-30 20:29:45 -06:00 · 2011-11-30 20:29:45 -06:00 · e82ec0de2b
--- a/apps/users/templates/users/register.html
+++ b/apps/users/templates/users/register.html
@ -32,7 +32,7 @@
  {% if form %}
    <section class="island">
      <h1>{{ _('Register') }}</h1>
-      <form method="post" action="" class="prettyform grid user-input">
+      <form method="post" action="{{ register_action }}" class="prettyform grid user-input">
        {{ csrf() }}
        <fieldset>
          <ul>
--- a/apps/users/tests/test_forms.py
+++ b/apps/users/tests/test_forms.py
@ -492,6 +492,29 @@ class TestUserRegisterForm(UserFormBase):
        eq_(len(doc('.error')), 1)
        eq_(UserProfile.objects.count(), 3)  # No user was created.

+    @patch.object(settings, 'REGISTER_USER_LIMIT', 1)
+    @patch.object(settings, 'REGISTER_OVERRIDE_TOKEN', 'mozilla')
+    def test_override_user_limit(self):
+        self.client.post(reverse('users.register') + '?ro=mozilla',
+                         self.good_data())
+        eq_(UserProfile.objects.count(), 4)  # One user was created.
+
+    @patch.object(settings, 'REGISTER_USER_LIMIT', 1)
+    @patch.object(settings, 'REGISTER_OVERRIDE_TOKEN', 'mozilla')
+    def test_override_with_wrong_token(self):
+        res = self.client.post(reverse('users.register') + '?ro=netscape',
+                               self.good_data())
+        doc = pq(res.content)
+        eq_(len(doc('.error')), 1)
+        eq_(UserProfile.objects.count(), 3)  # No user was created.
+
+    @patch.object(settings, 'REGISTER_OVERRIDE_TOKEN', 'mozilla')
+    def test_pass_through_reg_override_token(self):
+        res = self.client.get(reverse('users.register') + '?ro=mozilla')
+        doc = pq(res.content)
+        eq_(doc('form.user-input').attr('action'),
+            reverse('users.register') + '?ro=mozilla')
+
    @patch.object(settings, 'APP_PREVIEW', False)
    @patch.object(settings, 'REGISTER_USER_LIMIT', 0)
    @patch('captcha.fields.ReCaptchaField.clean')
--- a/apps/users/views.py
+++ b/apps/users/views.py
@ -17,7 +17,6 @@ from django_browserid.auth import BrowserIDBackend
 import commonware.log
 import jingo
 from radagast.wizard import Wizard
-from ratelimit.decorators import ratelimit
 from tower import ugettext as _, ugettext_lazy as _lazy
 from session_csrf import anonymous_csrf, anonymous_csrf_exempt
 from statsd import statsd
@ -500,6 +499,13 @@ def profile(request, user_id):
    return jingo.render(request, 'users/profile.html', data)


+def can_override_reg_limit(request):
+    """True if user can override the registration limit."""
+    if not settings.REGISTER_OVERRIDE_TOKEN:
+        return False
+    return request.GET.get('ro') == settings.REGISTER_OVERRIDE_TOKEN
+
+
@anonymous_csrf
@no_login_required
 def register(request):
@ -509,10 +515,12 @@ def register(request):
        form = None

    elif (settings.REGISTER_USER_LIMIT and
-          UserProfile.objects.count() > settings.REGISTER_USER_LIMIT):
+          UserProfile.objects.count() > settings.REGISTER_USER_LIMIT
+          and not can_override_reg_limit(request)):
        _m = ('Sorry, no more registrations are allowed. '
-              '<a href="https://developer.mozilla.org/en/apps">Learn more</a>')
-        messages.error(request, _m)
+              '<a href="https://developer.mozilla.org/en/apps">'
+              'Learn more</a>')
+        messages.error(request, _m, title_safe=True, message_safe=True)
        form = None

    elif request.user.is_authenticated():
@ -558,7 +566,13 @@ def register(request):
                            _('Please correct them and resubmit.'))
    else:
        form = forms.UserRegisterForm()
-    return jingo.render(request, 'users/register.html', {'form': form, })
+
+    reg_action = reverse('users.register')
+    if request.GET.get('ro'):
+        # Let the registration override token pass through for a POST.
+        reg_action = urlparams(reg_action, ro=request.GET.get('ro'))
+    return jingo.render(request, 'users/register.html',
+                        {'form': form, 'register_action': reg_action})


@anonymous_csrf_exempt
--- a/settings.py
+++ b/settings.py
@ -1312,6 +1312,10 @@ NO_LOGIN_REQUIRED_MODULES = (
 # Sets an upper limit on the number of users. If 0, it's ignored. If the
 # number of users meets or exceeds this, they can't register.
 REGISTER_USER_LIMIT = 0
+# Set this token to a string value to enable users to override the
+# registration limit. For example, with a token of 'mozillians' anyone can
+# bypass the limit by adding ?ro=mozillians to the URL.
+REGISTER_OVERRIDE_TOKEN = None

 NO_ADDONS_MODULES = (
    'addons.views',