feat: Disable onboarding completely

TomBursch · Nov 19, 2024 · a943dbc · a943dbc
1 parent 4178bef
commit a943dbc
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 1 deletion.
diff --git a/backend/app/config.py b/backend/app/config.py
@@ -48,6 +48,7 @@
 OPEN_REGISTRATION = os.getenv("OPEN_REGISTRATION", "False").lower() == "true"
 DISABLE_USERNAME_PASSWORD_LOGIN = os.getenv("DISABLE_USERNAME_PASSWORD_LOGIN", "False").lower() == "true"
 EMAIL_MANDATORY = os.getenv("EMAIL_MANDATORY", "False").lower() == "true"
+DISABLE_ONBOARDING = os.getenv("DISABLE_ONBOARDING", "False").lower() == "true"
 
 COLLECT_METRICS = os.getenv("COLLECT_METRICS", "False").lower() == "true"
 

diff --git a/backend/app/controller/onboarding/onboarding_controller.py b/backend/app/controller/onboarding/onboarding_controller.py
@@ -1,3 +1,4 @@
+from app.config import DISABLE_ONBOARDING
 from app.helpers import validate_args
 from flask import jsonify, Blueprint
 from app.models import User, Token
@@ -8,14 +9,15 @@
 
 @onboarding.route("", methods=["GET"])
 def isOnboarding():
+    if DISABLE_ONBOARDING: return jsonify({"onboarding": False})
     onboarding = User.count() == 0
     return jsonify({"onboarding": onboarding})
 
 
 @onboarding.route("", methods=["POST"])
 @validate_args(OnboardSchema)
 def onboard(args):
-    if User.count() > 0:
+    if User.count() > 0 or DISABLE_ONBOARDING:
         return jsonify({"msg": "Onboarding not allowed"}), 403
 
     user = User.create(args["username"], args["password"], args["name"], admin=True)

diff --git a/docs/docs/self-hosting/advanced.md b/docs/docs/self-hosting/advanced.md
@@ -21,6 +21,7 @@ Environment variables for `tombursch/kitchenowl` and `tombursch/kitchenowl-backe
 | `FRONT_URL`                       |                            | Adds allow origin CORS header for the URL. If set, should exactly match KitchenOwl's URL including the schema (e.g. `https://app.kitchenowl.org`)     |
 | `PRIVACY_POLICY_URL`              |                            | Allows to set a custom privacy policy for your server instance                                                                                        |
 | `DISABLE_USERNAME_PASSWORD_LOGIN` | `false`                    | If set, allows login only through OpenID Connect (OIDC). Be aware: this won't change the UI and automatically disables `OPEN_REGISTRATION`            |
+| `DISABLE_ONBOARDING`              | `false`                    | If set, disables the onboarding process (i.e. creating a user if none are present on the server). If set the first user has to manually be added      |
 | `OPEN_REGISTRATION`               | `false`                    | If set, allows anyone to create an account on your server                                                                                             |
 | `EMAIL_MANDATORY`                 | `false`                    | Makes the email a mandatory field when registering (Only relevant if `OPEN_REGISTRATION` is set)                                                      |
 | `COLLECT_METRICS`                 | `false`                    | Enables a Prometheus metrics endpoint at `/metrics/`. If enabled can be reached over the frontend container on port 9100 (e.g. `front:9100/metrics/`) |