diff --git a/README.md b/README.md index 27440196e..00b8e76ae 100644 --- a/README.md +++ b/README.md @@ -38,6 +38,8 @@ We've added comments to that file to highlight what each setting needs to be, bu - `proxy/ssl` and `proxy/host`: Kamal can set up SSL certificates for you automatically. To enable that, set the hostname again as `host`. If you don't want SSL for some reason, you can set `ssl: false` to turn it off. - `env/clear/MAILER_FROM_ADDRESS`: This is the email address that Fizzy will send emails from. It should usually be an address from the same domain where you're running Fizzy. - `env/clear/SMTP_ADDRESS`: The address of an SMTP server that you can send email through. You can use a 3rd-party service for this, like Sendgrid or Postmark, in which case their documentation will tell you what to use for this. +- `env/clear/SINGLE_TENANT`: Set to `true` to enable single-tenant mode (disable multi-account signups). + Fizzy also requires a few environment variables to be set up, some of which contain secrets. The simplest way to do this is to put them in a file called `.kamal/secrets`. diff --git a/app/controllers/concerns/authorization.rb b/app/controllers/concerns/authorization.rb index 81bd0c781..3b3e17a14 100644 --- a/app/controllers/concerns/authorization.rb +++ b/app/controllers/concerns/authorization.rb @@ -4,6 +4,7 @@ module Authorization included do before_action :ensure_can_access_account, if: -> { Current.account.present? && authenticated? } before_action :ensure_only_staff_can_access_non_production_remote_environments, if: :authenticated? + helper_method :single_tenant? end class_methods do @@ -37,4 +38,8 @@ module Authorization def redirect_existing_user redirect_to root_path if Current.user end + + def single_tenant? + ENV.fetch("SINGLE_TENANT", "false") == "true" + end end diff --git a/app/controllers/signups_controller.rb b/app/controllers/signups_controller.rb index 776421201..ec39063ce 100644 --- a/app/controllers/signups_controller.rb +++ b/app/controllers/signups_controller.rb @@ -3,6 +3,7 @@ class SignupsController < ApplicationController allow_unauthenticated_access rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_signup_path, alert: "Try again later." } before_action :redirect_authenticated_user + before_action :prevent_signup_when_users_exist, if: -> { single_tenant? && User.any? } layout "public" @@ -27,4 +28,8 @@ class SignupsController < ApplicationController def signup_params params.expect signup: :email_address end + + def prevent_signup_when_users_exist + redirect_to new_session_url, alert: "Your account hasn’t been set up yet. Please request an invitation from one of your coworkers." + end end diff --git a/app/models/signup.rb b/app/models/signup.rb index 110c253ef..4409c589c 100644 --- a/app/models/signup.rb +++ b/app/models/signup.rb @@ -16,6 +16,7 @@ class Signup end def create_identity + return if single_tenant? @identity = Identity.find_or_create_by!(email_address: email_address) @identity.send_magic_link for: :sign_up end @@ -96,4 +97,8 @@ class Signup attributes[:referrer] = Current.referrer end end + + def single_tenant? + ENV.fetch("SINGLE_TENANT", "false") == "true" + end end diff --git a/app/views/sessions/magic_links/show.html.erb b/app/views/sessions/magic_links/show.html.erb index 4e94f411e..810b3527a 100644 --- a/app/views/sessions/magic_links/show.html.erb +++ b/app/views/sessions/magic_links/show.html.erb @@ -3,7 +3,12 @@
Then enter the verification code included in the email below:
++ <% if single_tenant? %> + iIf your email belongs to an existing account. + <% end %> + Then enter the verification code included in the email below: +
New here? <%= link_to "Sign up", new_signup_path %> to create an account. Already have an account? Enter your email and we’ll get you signed in.
+ <% if single_tenant? %> +Enter your email and we’ll get you signed in.
+ <% else %> +New here? <%= link_to "Sign up", new_signup_path %> to create an account. Already have an account? Enter your email and we’ll get you signed in.
+ <% end %>