Merge lp:~maxiberta/canonical-identity-provider/disable-user-registration-api into lp:canonical-identity-provider/release
Status: | Merged |
---|---|
Approved by: | Maximiliano Bertacchini |
Approved revision: | no longer in the source branch. |
Merge reported by: | Otto Co-Pilot |
Merged at revision: | not available |
Proposed branch: | lp:~maxiberta/canonical-identity-provider/disable-user-registration-api |
Merge into: | lp:canonical-identity-provider/release |
Diff against target: | 199 lines (+117/-1), 5 files modified: src/api/v10/handlers.py (+8/-0), src/api/v10/tests/test_handlers.py (+71/-1), src/api/v20/handlers.py (+6/-0), src/api/v20/tests/test_handlers.py (+27/-0), src/api/v20/utils.py (+5/-0) |
To merge this branch: | bzr merge lp:~maxiberta/canonical-identity-provider/disable-user-registration-api |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Natalia Bidart (community) | Approve | ||
Review via email: mp+356766@code.launchpad.net |
Commit message
Disable user registration via API v1/v2 (via USER_REGISTRATI
Description of the change
It was agreed that account registration via API should be disabled/not allowed, leaving the web UI as the only means of registration.
User registration via web internally POSTs to http://
The presence of the X-Forwarded-For header is used to mark a request as coming from an external client, instead of `request.
Some stats from sso-app/4 in PROD in the last 120 days (details: https://pastebin.canonical.com/p/JXcXz6yyY7/):
- POST /api/1.0/registration: 731 hits (broken due to dead reCaptcha v1).
- POST /api/1.1/registration: 0 hits (broken due to dead reCaptcha v1).
- POST /api/v2/accounts: 80848 hits total, 64199 successful (returning 201), of which only 424 *not* coming from 127.0.0.1.
In summary: only 424 successful account registrations via API in the last 4 months (in this host out of 4 units total).
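
A sketch of the gate outlined in the description above, added here for illustration and not taken from the merge proposal's diff: registration through the API is refused when the flag is off and the request carries X-Forwarded-For. The flag name `REGISTRATION_API_ENABLED`, the 403 status and the sample requests are assumptions constructed for the example.

```python
"""Added illustration of a header-presence gate; not the branch's code."""

# Hypothetical flag name: the setting name on the page is truncated.
REGISTRATION_API_ENABLED = False

# Django exposes the X-Forwarded-For header under this request.META key.
XFF_KEY = "HTTP_X_FORWARDED_FOR"


def is_external(meta):
    """External means a front-end proxy added X-Forwarded-For (presence only)."""
    return XFF_KEY in meta


def registration_status(meta, enabled=REGISTRATION_API_ENABLED):
    """Status for a registration POST; 403 is an assumed rejection code."""
    if is_external(meta) and not enabled:
        return 403
    return 201


def summarize(requests, enabled=REGISTRATION_API_ENABLED):
    """Count allowed and blocked requests for a list of META-style dicts."""
    counts = {"allowed": 0, "blocked": 0}
    for meta in requests:
        ok = registration_status(meta, enabled) == 201
        counts["allowed" if ok else "blocked"] += 1
    return counts


# Constructed sample requests (documentation addresses, not real traffic).
SAMPLES = [
    # Internal POST from the web UI, assumed to arrive without the header.
    {"REMOTE_ADDR": "127.0.0.1"},
    # External client via the front-end proxy, which sets the header.
    {"REMOTE_ADDR": "127.0.0.1", "HTTP_X_FORWARDED_FOR": "203.0.113.7"},
    # Header present but empty still counts: the check is on presence.
    {"REMOTE_ADDR": "127.0.0.1", "HTTP_X_FORWARDED_FOR": ""},
    # No header at all is treated as internal, so the gate depends on every
    # external path passing through a proxy that always sets the header.
    {"REMOTE_ADDR": "198.51.100.20"},
]

if __name__ == "__main__":
    print(summarize(SAMPLES))                # flag off
    print(summarize(SAMPLES, enabled=True))  # flag on
```

The last sample is the deployment check to make when reviewing such a gate: the application port must not be reachable except through the proxy that sets the header.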