From 9ad19bbb220b9c10c170b63816ae107bcdd9687e Mon Sep 17 00:00:00 2001 From: Xoconoch Date: Mon, 4 Aug 2025 10:24:29 -0600 Subject: [PATCH] Made SSO respect DISABLE_REGISTRATION --- routes/auth/sso.py | 35 ++++++++++++++++--- .../src/components/auth/LoginScreen.tsx | 12 +++---- spotizerr-ui/src/lib/api-client.ts | 2 +- 3 files changed, 35 insertions(+), 14 deletions(-) diff --git a/routes/auth/sso.py b/routes/auth/sso.py index 4b27fbe..f7ae7e5 100644 --- a/routes/auth/sso.py +++ b/routes/auth/sso.py @@ -13,7 +13,7 @@ from fastapi_sso.sso.github import GithubSSO from fastapi_sso.sso.base import OpenID from pydantic import BaseModel -from . import user_manager, token_manager, User, AUTH_ENABLED +from . import user_manager, token_manager, User, AUTH_ENABLED, DISABLE_REGISTRATION logger = logging.getLogger(__name__) @@ -62,6 +62,7 @@ class SSOProvider(BaseModel): class SSOStatusResponse(BaseModel): sso_enabled: bool providers: list[SSOProvider] + registration_enabled: bool = True def create_or_update_sso_user(openid: OpenID, provider: str) -> User: @@ -85,13 +86,20 @@ def create_or_update_sso_user(openid: OpenID, provider: str) -> User: break if existing_user: - # Update last login + # Update last login for existing user (always allowed) users[existing_user.username]["last_login"] = datetime.utcnow().isoformat() users[existing_user.username]["sso_provider"] = provider users[existing_user.username]["sso_id"] = openid.id user_manager.save_users(users) return existing_user else: + # Check if registration is disabled before creating new user + if DISABLE_REGISTRATION: + raise HTTPException( + status_code=403, + detail="Registration is disabled. Contact an administrator to create an account." + ) + # Create new user # Ensure username is unique counter = 1 @@ -141,7 +149,8 @@ async def sso_status(): return SSOStatusResponse( sso_enabled=SSO_ENABLED and AUTH_ENABLED, - providers=providers + providers=providers, + registration_enabled=not DISABLE_REGISTRATION ) 
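Review bot: In `create_or_update_sso_user`, the `existing_user` branch that the new comment marks as "always allowed" rewrites `sso_provider` and `sso_id` with the incoming identity on every login, and with `DISABLE_REGISTRATION` set it is now the only SSO path that succeeds. The lookup that sets `existing_user` is above this hunk, so what it matches on is not visible here; if it can match on anything other than the stored provider and id (an email address, for instance), a provider identity that was never linked would be bound to an existing account without confirmation. I would refresh only `last_login` when the stored `sso_provider`/`sso_id` already equal `provider`/`openid.id`, and treat a mismatch as a link request that requires an authenticated session. The function's docstring should also state that it now raises `HTTPException(403)` for unknown users when registration is disabled.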
@@ -206,9 +215,17 @@ async def google_callback(request: Request): return response + except HTTPException as e: + # Handle specific HTTP exceptions (like registration disabled) + frontend_url = os.getenv("FRONTEND_URL", "http://localhost:3000") + error_msg = e.detail if hasattr(e, 'detail') else "Authentication failed" + logger.warning(f"Google SSO callback error: {error_msg}") + return RedirectResponse(url=f"{frontend_url}?error={error_msg}") + except Exception as e: logger.error(f"Google SSO callback error: {e}") - raise HTTPException(status_code=400, detail="Authentication failed") + frontend_url = os.getenv("FRONTEND_URL", "http://localhost:3000") + return RedirectResponse(url=f"{frontend_url}?error=Authentication failed") @router.get("/sso/callback/github") @@ -246,9 +263,17 @@ async def github_callback(request: Request): return response + except HTTPException as e: + # Handle specific HTTP exceptions (like registration disabled) + frontend_url = os.getenv("FRONTEND_URL", "http://localhost:3000") + error_msg = e.detail if hasattr(e, 'detail') else "Authentication failed" + logger.warning(f"GitHub SSO callback error: {error_msg}") + return RedirectResponse(url=f"{frontend_url}?error={error_msg}") + except Exception as e: logger.error(f"GitHub SSO callback error: {e}") - raise HTTPException(status_code=400, detail="Authentication failed") + frontend_url = os.getenv("FRONTEND_URL", "http://localhost:3000") + return RedirectResponse(url=f"{frontend_url}?error=Authentication failed") @router.post("/sso/unlink/{provider}", response_model=MessageResponse) diff --git a/spotizerr-ui/src/components/auth/LoginScreen.tsx b/spotizerr-ui/src/components/auth/LoginScreen.tsx index f26f022..c38786a 100644 --- a/spotizerr-ui/src/components/auth/LoginScreen.tsx +++ b/spotizerr-ui/src/components/auth/LoginScreen.tsx @@ -148,12 +148,8 @@ export function LoginScreen({ onSuccess }: LoginScreenProps) {
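Review bot: In the new `except HTTPException` handler of `google_callback` (and identically in `github_callback` further down), `e.detail` is interpolated into the redirect URL without encoding, so a space, `&`, `#` or `=` in the message changes the query string the frontend receives. The `try` body starts above the hunk, so the text of any `HTTPException` raised there, not just the registration message, ends up in a URL that the login screen presumably displays. Encode the value with `return RedirectResponse(url=f"{frontend_url}?{urlencode({'error': error_msg})}")` (needs `from urllib.parse import urlencode`), or preferably send a fixed code such as `error=registration_disabled` and let the UI map it to text. The literal `?error=Authentication failed` in the generic handler has the same unencoded space, and `hasattr(e, 'detail')` is always true for `HTTPException`, so the fallback string there is dead code.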
{/* Logo/Brand */}
-
-
- - - -
+
+ Spotizerr

Spotizerr @@ -310,7 +306,7 @@ export function LoginScreen({ onSuccess }: LoginScreenProps) {

- Or continue with + Or
@@ -373,7 +369,7 @@ export function LoginScreen({ onSuccess }: LoginScreenProps) { {/* Footer */}

- Secure music download platform + The music downloader

diff --git a/spotizerr-ui/src/lib/api-client.ts b/spotizerr-ui/src/lib/api-client.ts index b708911..ad45e6e 100644 --- a/spotizerr-ui/src/lib/api-client.ts +++ b/spotizerr-ui/src/lib/api-client.ts @@ -216,7 +216,7 @@ class AuthApiClient { this.setToken(loginData.access_token, rememberMe); toast.success("Login Successful", { - description: `Welcome back, ${loginData.user.username}!`, + description: `Test , ${loginData.user.username}!`, }); return loginData;
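Review bot: The success toast in `AuthApiClient` now reads `Test , ${loginData.user.username}!`, which looks like a debugging string left in by accident and is unrelated to the `DISABLE_REGISTRATION` change this commit describes. Restore the previous wording, `Welcome back, ${loginData.user.username}!`, before merging. The enclosing login method starts and ends outside the hunk.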