Add a demo mode with public sign-up form

fbb5cc6d · Arie Peterson · 179473ef · fbb5cc6d · fbb5cc6d · fbb5cc6d
Commit fbb5cc6d authored 2 years ago by Arie Peterson
--- a/backend/areas/users/users.py
+++ b/backend/areas/users/users.py
 from flask import jsonify, request
-from flask_jwt_extended import get_jwt, jwt_required
 from flask_cors import cross_origin
 from flask_expects_json import expects_json
+from flask_jwt_extended import get_jwt, jwt_required

 from areas import api_v1
 from helpers import KratosApi

--- a/backend/config.py
+++ b/backend/config.py
@@ -21,3 +21,5 @@ SQLALCHEMY_TRACK_MODIFICATIONS = False
 # running in a Kubernetes pod. Set it to "false" to load the config from the
 # `KUBECONFIG` environment variable.
 LOAD_INCLUSTER_CONFIG = os.environ.get("LOAD_INCLUSTER_CONFIG").lower() == "true"
+
+DEMO_INSTANCE = os.environ.get("DASHBOARD_DEMO_INSTANCE", "False").lower() in ('true', '1')
--- a/backend/web/login/login.py
+++ b/backend/web/login/login.py
@@ -16,7 +16,7 @@ from ory_hydra_client.models import AcceptConsentRequest, AcceptLoginRequest, Co
 import ory_hydra_client.exceptions as hydra_exceptions
 import ory_kratos_client
 from ory_kratos_client.api import frontend_api, identity_api
-from flask import abort, redirect, render_template, request, current_app
+from flask import abort, current_app, jsonify, redirect, render_template, request

 from database import db
 from helpers import KratosUser
@@ -24,6 +24,8 @@ from config import *
 from web import web
 from areas.apps import AppRole, App, OAuthClientApp
 from areas.roles import RoleService
+from areas.roles.models import Role
+from areas.users.user_service import UserService


 # This is a circular import and should be solved differently
@@ -159,7 +161,7 @@ def login():
    # or `not identity`
    #     User is not logged in yet.
    # In either case, we present the login screen now.
-    return render_template("login.html", api_url=KRATOS_PUBLIC_URL, dashboard_url=DASHBOARD_URL, refresh=refresh)
+    return render_template("login.html", api_url=KRATOS_PUBLIC_URL, dashboard_url=DASHBOARD_URL, refresh=refresh, demo=DEMO_INSTANCE)


 @web.route("/auth", methods=["GET", "POST"])
@@ -520,3 +522,14 @@ def logout():
            ex)
    return redirect(kratos_api_response.logout_url)

+
+if DEMO_INSTANCE:
+    @web.route("/demo-user", methods=["POST"])
+    def demo_user():
+        data = request.get_json()
+        defaults = {
+            "name": "",
+            "app_roles": [{"name": "dashboard", "role_id": Role.ADMIN_ROLE_ID}],
+        }
+        UserService.post_user({**defaults, **data})
+        return jsonify("User created successfully. You should receive an email to confirm your address and set a password.")
--- a/backend/web/templates/login.html
+++ b/backend/web/templates/login.html
@@ -24,5 +24,43 @@
    <div id="contentHelp">
        <a href='recovery'>Set new password</a> | <a href='https://stackspin.net'>About stackspin</a>
    </div>
+{% if demo %}
+  <br>
+  <script>
+    function submitSignup() {
+      let result = document.querySelector('#signup-result');
+      let email = document.querySelector('#signup-email');
+      let xhr = new XMLHttpRequest();
+      let url = "/web/demo-user";
+      xhr.open("POST", url, true);
+      xhr.setRequestHeader("Content-Type", "application/json");
+      xhr.onreadystatechange = function () {
+        if (xhr.readyState === 4) {
+          result.innerHTML = this.responseText;
+        }
+      };
+      // Converting JSON data to string
+      var data = JSON.stringify({"email": email.value });
+      // Sending data with the request
+      xhr.send(data);
+      }
+  </script>
+  <h2>Sign up for this demo instance</h2>
+  Enter your email address here to create an account on this Stackspin
+  instance.
+  <div class="alert alert-warning">Warning: this is a demo instance! That means that:
+  <ul>
+    <li>Anyone can create an account on this same instance, like yourself,
+      and will share the same set of users and data. So any data you create
+      or upload, including the email address you enter here, becomes
+      essentially public information.</li>
+    <li>Every night (Europe/Amsterdam time), this instance gets automatically
+      reset to an empty state, so any data you create or upload will be
+      destroyed.</li>
+  </ul>
+  </div>
+  <div class="form-group"><label for="signup-email">Email address</label><input type="email" class="form-control" id="signup-email" name="signup-email" placeholder="Your email address to sign up with."></div>
+  <div class="form-group"><button class="btn btn-primary" onclick="submitSignup()">Sign up</button><p id="signup-result"></p></div>
+{% endif %}

 {% endblock %}