add env variable to disable multi-tenancy
This commit is contained in:
@@ -38,6 +38,8 @@ We've added comments to that file to highlight what each setting needs to be, bu
|
||||
- `proxy/ssl` and `proxy/host`: Kamal can set up SSL certificates for you automatically. To enable that, set the hostname again as `host`. If you don't want SSL for some reason, you can set `ssl: false` to turn it off.
|
||||
- `env/clear/MAILER_FROM_ADDRESS`: This is the email address that Fizzy will send emails from. It should usually be an address from the same domain where you're running Fizzy.
|
||||
- `env/clear/SMTP_ADDRESS`: The address of an SMTP server that you can send email through. You can use a 3rd-party service for this, like Sendgrid or Postmark, in which case their documentation will tell you what to use for this.
|
||||
- `env/clear/SINGLE_TENANT`: Set to `true` to enable single-tenant mode (disable multi-account signups).
|
||||
|
||||
|
||||
Fizzy also requires a few environment variables to be set up, some of which contain secrets.
|
||||
The simplest way to do this is to put them in a file called `.kamal/secrets`.
|
||||
|
||||
@@ -4,6 +4,7 @@ module Authorization
|
||||
included do
|
||||
before_action :ensure_can_access_account, if: -> { Current.account.present? && authenticated? }
|
||||
before_action :ensure_only_staff_can_access_non_production_remote_environments, if: :authenticated?
|
||||
helper_method :single_tenant?
|
||||
end
|
||||
|
||||
class_methods do
|
||||
@@ -37,4 +38,8 @@ module Authorization
|
||||
def redirect_existing_user
|
||||
redirect_to root_path if Current.user
|
||||
end
|
||||
|
||||
def single_tenant?
|
||||
ENV.fetch("SINGLE_TENANT", "false") == "true"
|
||||
end
|
||||
end
|
||||
|
||||
@@ -3,6 +3,7 @@ class SignupsController < ApplicationController
|
||||
allow_unauthenticated_access
|
||||
rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_signup_path, alert: "Try again later." }
|
||||
before_action :redirect_authenticated_user
|
||||
before_action :prevent_signup_when_users_exist, if: -> { single_tenant? && User.any? }
|
||||
|
||||
layout "public"
|
||||
|
||||
@@ -27,4 +28,8 @@ class SignupsController < ApplicationController
|
||||
def signup_params
|
||||
params.expect signup: :email_address
|
||||
end
|
||||
|
||||
def prevent_signup_when_users_exist
|
||||
redirect_to new_session_url, alert: "Your account hasn’t been set up yet. Please request an invitation from one of your coworkers."
|
||||
end
|
||||
end
|
||||
|
||||
@@ -16,6 +16,7 @@ class Signup
|
||||
end
|
||||
|
||||
def create_identity
|
||||
return if single_tenant?
|
||||
@identity = Identity.find_or_create_by!(email_address: email_address)
|
||||
@identity.send_magic_link for: :sign_up
|
||||
end
|
||||
@@ -96,4 +97,8 @@ class Signup
|
||||
attributes[:referrer] = Current.referrer
|
||||
end
|
||||
end
|
||||
|
||||
def single_tenant?
|
||||
ENV.fetch("SINGLE_TENANT", "false") == "true"
|
||||
end
|
||||
end
|
||||
|
||||
@@ -3,7 +3,12 @@
|
||||
<div class="panel panel--centered flex flex-column gap-half <%= "shake" if flash[:alert] || flash[:shake] %>">
|
||||
<header>
|
||||
<h1 class="txt-x-large font-weight-black margin-none"><%= @page_title %></h1>
|
||||
<p class="margin-none-block-start txt-medium">Then enter the verification code included in the email below:</p>
|
||||
<p class="margin-none-block-start txt-medium">
|
||||
<% if single_tenant? %>
|
||||
iIf your email belongs to an existing account.
|
||||
<% end %>
|
||||
Then enter the verification code included in the email below:
|
||||
</p>
|
||||
</header>
|
||||
|
||||
<%= form_with url: session_magic_link_path, method: :post, html: { data: { controller: "magic-link" } } do |form| %>
|
||||
|
||||
@@ -10,7 +10,11 @@
|
||||
</label>
|
||||
</div>
|
||||
|
||||
<p><strong>New here?</strong> <%= link_to "Sign up", new_signup_path %> to create an account. <strong>Already have an account?</strong> Enter your email and we’ll get you signed in.</p>
|
||||
<% if single_tenant? %>
|
||||
<p>Enter your email and we’ll get you signed in.</p>
|
||||
<% else %>
|
||||
<p><strong>New here?</strong> <%= link_to "Sign up", new_signup_path %> to create an account. <strong>Already have an account?</strong> Enter your email and we’ll get you signed in.</p>
|
||||
<% end %>
|
||||
|
||||
<button type="submit" id="log_in" class="btn btn--link center txt-medium">
|
||||
<span>Let’s go</span>
|
||||
|
||||
@@ -30,6 +30,7 @@ env:
|
||||
clear:
|
||||
MAILER_FROM_ADDRESS: support@example.com # The email "from" address that Fizzy sends email from
|
||||
SMTP_ADDRESS: mail.example.com # The SMTP server you'll use to send email
|
||||
SINGLE_TENANT: false # Set to true to enable single-tenant mode
|
||||
SOLID_QUEUE_IN_PUMA: true # Run background jobs in the app container
|
||||
|
||||
|
||||
|
||||
@@ -63,4 +63,19 @@ class SignupsControllerTest < ActionDispatch::IntegrationTest
|
||||
assert_redirected_to new_signup_completion_path
|
||||
end
|
||||
end
|
||||
|
||||
test "redirects to session#new when single_tenant and user exists" do
|
||||
previous_single_tenant = ENV["SINGLE_TENANT"]
|
||||
ENV["SINGLE_TENANT"] = "true"
|
||||
|
||||
users(:david)
|
||||
|
||||
untenanted do
|
||||
get new_signup_path
|
||||
|
||||
assert_redirected_to new_session_url
|
||||
end
|
||||
ensure
|
||||
ENV["SINGLE_TENANT"] = previous_single_tenant
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user