[bug] handle disabled registration, error 403.

If the user wants to register a new account we check whether the
provider allows registration or not right after getting the
provider.json file and show an error msg on the wizard if not allowed.

Also, there is a new signal to handle the error raised by the server if
a registration attempt is made but is rejected with error 403.

- Resolves: #6594

5 files changed, 46 insertions, 0 deletions

diff --git a/src/leap/bitmask/backend/api.py b/src/leap/bitmask/backend/api.py
index 3f6c0ad1..48aa2090 100644
--- a/src/leap/bitmask/backend/api.py
+++ b/src/leap/bitmask/backend/api.py
@@ -146,6 +146,7 @@ SIGNALS = (
     "srp_password_change_badpw",
     "srp_password_change_error",
     "srp_password_change_ok",
+    "srp_registration_disabled",
     "srp_registration_failed",
     "srp_registration_finished",
     "srp_registration_taken",
diff --git a/src/leap/bitmask/backend/leapsignaler.py b/src/leap/bitmask/backend/leapsignaler.py
index c0fdffdc..1ac51f5e 100644
--- a/src/leap/bitmask/backend/leapsignaler.py
+++ b/src/leap/bitmask/backend/leapsignaler.py
@@ -109,6 +109,7 @@ class LeapSignaler(SignalerQt):
     srp_password_change_badpw = QtCore.Signal()
     srp_password_change_error = QtCore.Signal()
     srp_password_change_ok = QtCore.Signal()
+    srp_registration_disabled = QtCore.Signal()
     srp_registration_failed = QtCore.Signal()
     srp_registration_finished = QtCore.Signal()
     srp_registration_taken = QtCore.Signal()
diff --git a/src/leap/bitmask/config/providerconfig.py b/src/leap/bitmask/config/providerconfig.py
index f454bb40..d972b280 100644
--- a/src/leap/bitmask/config/providerconfig.py
+++ b/src/leap/bitmask/config/providerconfig.py
@@ -69,6 +69,7 @@ class ProviderConfig(BaseConfig):
         details["description"] = config.get_description(lang=lang)
         details["enrollment_policy"] = config.get_enrollment_policy()
         details["services"] = config.get_services()
+        details["allow_registration"] = config.get_allow_registration()
 
         services = []
         for service in config.get_services():
@@ -177,6 +178,15 @@ class ProviderConfig(BaseConfig):
         services = self._safe_get_value("services")
         return services
 
+    def get_allow_registration(self):
+        """
+        Return whether the registration is allowed or not in the provider.
+
+        :rtype: bool
+        """
+        service = self._safe_get_value("service")
+        return service['allow_registration']
+
     def get_ca_cert_path(self, about_to_download=False):
         """
         Returns the path to the certificate for the current provider.
diff --git a/src/leap/bitmask/crypto/srpregister.py b/src/leap/bitmask/crypto/srpregister.py
index 7a216847..9bf19377 100644
--- a/src/leap/bitmask/crypto/srpregister.py
+++ b/src/leap/bitmask/crypto/srpregister.py
@@ -153,6 +153,7 @@ class SRPRegister(QtCore.QObject):
 
     STATUS_OK = (200, 201)
     STATUS_TAKEN = 422
+    STATUS_FORBIDDEN = 403
 
     def __init__(self, signaler=None,
                  provider_config=None, register_path="users"):
@@ -204,6 +205,8 @@ class SRPRegister(QtCore.QObject):
             self._signaler.signal(self._signaler.srp_registration_finished)
         elif status_code == self.STATUS_TAKEN:
             self._signaler.signal(self._signaler.srp_registration_taken)
+        elif status_code == self.STATUS_FORBIDDEN:
+            self._signaler.signal(self._signaler.srp_registration_disabled)
         else:
             self._signaler.signal(self._signaler.srp_registration_failed)
 
diff --git a/src/leap/bitmask/gui/wizard.py b/src/leap/bitmask/gui/wizard.py
index c60d967b..5145d8b6 100644
--- a/src/leap/bitmask/gui/wizard.py
+++ b/src/leap/bitmask/gui/wizard.py
@@ -385,6 +385,19 @@ class Wizard(QtGui.QWizard, SignalTracker):
         self._set_register_status(error_msg, error=True)
         self.ui.btnRegister.setEnabled(True)
 
+    def _registration_disabled(self):
+        """
+        TRIGGERS:
+            self._backend.signaler.srp_registration_disabled
+
+        The registration is disabled in the current provider.
+        """
+        self._username = self._password = None
+
+        error_msg = self.tr("The registration is disabled for this provider.")
+        self._set_register_status(error_msg, error=True)
+        self.ui.btnRegister.setEnabled(True)
+
     def _registration_taken(self):
         """
         TRIGGERS:
@@ -581,6 +594,22 @@ class Wizard(QtGui.QWizard, SignalTracker):
         :type details: dict
         """
         self._provider_details = details
+        self._check_registration_allowed()
+
+    def _check_registration_allowed(self):
+        """
+        Check whether the provider allows new users registration or not.
+        If it is not allowed we display a message and prevent the user moving
+        forward on the wizard.
+        """
+        if self._show_register:  # user wants to register a new account
+            if not self._provider_details['allow_registration']:
+                logger.debug("Registration not allowed")
+                status = ("<font color='red'><b>" +
+                          self.tr("The provider has disabled registration") +
+                          "</b></font>")
+                self.ui.lblProviderSelectStatus.setText(status)
+                self.button(QtGui.QWizard.NextButton).setEnabled(False)
 
     def _download_ca_cert(self, data):
         """
@@ -686,6 +715,7 @@ class Wizard(QtGui.QWizard, SignalTracker):
                 self._skip_provider_checks(skip)
             else:
                 self._enable_check(reset=False)
+                self._check_registration_allowed()
 
         if pageId == self.SETUP_PROVIDER_PAGE:
             if not self._provider_setup_ok:
@@ -765,5 +795,6 @@ class Wizard(QtGui.QWizard, SignalTracker):
         conntrack(sig.prov_check_api_certificate, self._check_api_certificate)
 
         conntrack(sig.srp_registration_finished, self._registration_finished)
+        conntrack(sig.srp_registration_disabled, self._registration_disabled)
         conntrack(sig.srp_registration_failed, self._registration_failed)
         conntrack(sig.srp_registration_taken, self._registration_taken)