mirror of
https://github.com/plausible/analytics.git
synced 2024-12-25 10:33:01 +03:00
51c1138d0d
* Add zxcvbn dependency * Change password length range requirement from 6-64 to 12-128 * Reimplement register form in LV * Implement server-side check for password strength * Add rudimentary strength meter * Make password input with strength a separate component and improve it * Fix existing tests to provide strong enough password * Apply formatting * Replace existing registration form with new one * Hide built-in label in `.input` component when none provided * Crop password to first 32 chars for analysis by zxcvbn * Add tests for new form components * Integrate hCaptcha into LV * Fix existing AuthController tests * Add tests for Live.RegisterForm * Hide strength meter when password input is empty * Randomize client IP in headers during tests to avoid hitting rate limit * Apply auxilliary formatting fixes to AuthController * Integrate registration from invitation into LV registration logic * Fix existing password set and reset forms * Make `password_length_hint` component more customizable * Optimize `Auth.User.set_password/2` * Remove unnecessary attribute from registration form * Move password set and reset forms to LV * Add tests for SetPasswordForm LV component * Add tests for password checks in `Auth.User` * Document code a bit * Implement simpler approach to hCaptcha integration * Update CHANGELOG.md * Improve consistency of color scheme * Introduce debounce across all text inputs in registration and password forms * Fix email input background in register form * Ensure only single error is rendered for empty password confirmation case * Remove `/password` form entirely in favor of preferred password reset * Remove unnecessary `router` option from `live_render` calls * Make expensive assigns in LV with `assign_new` (h/t @aerosol) * Accept passwords longer than 32 bytes uniformly as very strong * Avoid displaying blank error side by side with weak password error * Make register actions handle errors gracefully * Render only a single piece of feedback to reduce noise * Make register and password reset forms pw manager friendly (h/t @cnkk) * Move registration forms to live routes * Delete no longer used deadviews * Adjust registration form in accordance to changes in #3290 * Reintroduce dogfood page path for invitation form from #3290 * Use alternative approach to submitting plausible metrics from LV form * Rename metrics events and extend tests to account for them
38 lines
905 B
Elixir
38 lines
905 B
Elixir
defmodule PlausibleWeb.Plugs.MaybeDisableRegistration do
|
|
@moduledoc """
|
|
Plug toggling registration according to selfhosted state.
|
|
"""
|
|
|
|
import Phoenix.Controller
|
|
import Plug.Conn
|
|
|
|
alias Plausible.Release
|
|
alias PlausibleWeb.Router.Helpers, as: Routes
|
|
|
|
def init(opts) do
|
|
opts
|
|
end
|
|
|
|
def call(conn, _opts) do
|
|
disabled_for = List.wrap(conn.assigns.disable_registration_for)
|
|
|
|
selfhost_config = Application.get_env(:plausible, :selfhost)
|
|
disable_registration = Keyword.fetch!(selfhost_config, :disable_registration)
|
|
first_launch? = Release.should_be_first_launch?()
|
|
|
|
cond do
|
|
first_launch? ->
|
|
conn
|
|
|
|
disable_registration in disabled_for ->
|
|
conn
|
|
|> put_flash(:error, "Registration is disabled on this instance")
|
|
|> redirect(to: Routes.auth_path(conn, :login_form))
|
|
|> halt()
|
|
|
|
true ->
|
|
conn
|
|
end
|
|
end
|
|
end
|