Flagsmith · matthewelwell · Sep 5, 2023 · Sep 4, 2023
@@ -57,15 +57,15 @@ def _get_user(self, user_data: dict):
         existing_user = UserModel.objects.filter(email=email).first()
 
         if not existing_user:
+            sign_up_type = self.validated_data.get("sign_up_type")
             if not (
                 settings.ALLOW_REGISTRATION_WITHOUT_INVITE
+                or sign_up_type == SignUpType.INVITE_LINK.value
                 or Invite.objects.filter(email=email).exists()
             ):
                 raise PermissionDenied(USER_REGISTRATION_WITHOUT_INVITE_ERROR_MESSAGE)
 
-            return UserModel.objects.create(
-                **user_data, sign_up_type=self.validated_data.get("sign_up_type")
-            )
+            return UserModel.objects.create(**user_data, sign_up_type=sign_up_type)
 
         return existing_user
 

@@ -4,13 +4,16 @@
 from django.contrib.auth import get_user_model
 from django.test import RequestFactory
 from django.utils import timezone
+from pytest_django.fixtures import SettingsWrapper
+from pytest_mock import MockerFixture
 from rest_framework.authtoken.models import Token
 
 from custom_auth.oauth.serializers import (
     GithubLoginSerializer,
     GoogleLoginSerializer,
     OAuthLoginSerializer,
 )
+from users.models import SignUpType
 
 UserModel = get_user_model()
 
@@ -131,3 +134,31 @@ def test_OAuthLoginSerializer_calls_is_authentication_method_valid_correctly_if_
         email=user_email,
         raise_exception=True,
     )
+
+
+def test_OAuthLoginSerializer_allows_registration_if_sign_up_type_is_invite_link(
+    settings: SettingsWrapper, rf: RequestFactory, mocker: MockerFixture, db: None
+):
+    # Given
+    settings.ALLOW_REGISTRATION_WITHOUT_INVITE = False
+
+    request = rf.post("/api/v1/auth/users/")
+    user_email = "[email protected]"
+
+    serializer = OAuthLoginSerializer(
+        data={
+            "access_token": "some_token",
+            "sign_up_type": SignUpType.INVITE_LINK.value,
+        },
+        context={"request": request},
+    )
+    # monkey patch the get_user_info method to return the mock user data
+    serializer.get_user_info = lambda: {"email": user_email}
+
+    serializer.is_valid(raise_exception=True)
+
+    # When
+    user = serializer.save()
+
+    # Then
+    assert user
@@ -7,7 +7,7 @@
 
 from organisations.invites.models import Invite
 from users.constants import DEFAULT_DELETE_ORPHAN_ORGANISATIONS_VALUE
-from users.models import FFAdminUser
+from users.models import FFAdminUser, SignUpType
 
 from .constants import USER_REGISTRATION_WITHOUT_INVITE_ERROR_MESSAGE
 
@@ -64,6 +64,7 @@ def get_key(instance):
     def save(self, **kwargs):
         if not (
             settings.ALLOW_REGISTRATION_WITHOUT_INVITE
+            or self.validated_data.get("sign_up_type") == SignUpType.INVITE_LINK.value
             or Invite.objects.filter(email=self.validated_data.get("email"))
         ):
             raise PermissionDenied(USER_REGISTRATION_WITHOUT_INVITE_ERROR_MESSAGE)

@@ -1,5 +1,8 @@
+from django.test import RequestFactory
+from pytest_django.fixtures import SettingsWrapper
+
 from custom_auth.serializers import CustomUserCreateSerializer
-from users.models import FFAdminUser
+from users.models import FFAdminUser, SignUpType
 
 user_dict = {
     "email": "[email protected]",
@@ -53,3 +56,28 @@ def test_CustomUserCreateSerializer_calls_is_authentication_method_valid_correct
         email=user_dict["email"],
         raise_exception=True,
     )
+
+
+def test_CustomUserCreateSerializer_allows_registration_if_sign_up_type_is_invite_link(
+    db: None,
+    settings: SettingsWrapper,
+    rf: RequestFactory,
+) -> None:
+    # Given
+    settings.ALLOW_REGISTRATION_WITHOUT_INVITE = False
+
+    data = {
+        **user_dict,
+        "sign_up_type": SignUpType.INVITE_LINK.value,
+    }
+
+    serializer = CustomUserCreateSerializer(
+        data=data, context={"request": rf.post("/v1/auth/users/")}
+    )
+    assert serializer.is_valid()
+
+    # When
+    user = serializer.save()
+
+    # Then
+    assert user