Add DISABLE_USER_LOGIN feature flag for read-only mode

[Copilot]

Adds a feature flag to disable end-user login, making the site read-only. Admin login via Django admin remains unaffected.

Changes

• Backend (open_discussions/features.py, authentication/views.py):

  • New DISABLE_USER_LOGIN feature flag
  • SocialAuthAPIView.post() returns 403 when flag is enabled, blocking all login/register API endpoints

• Frontend (LoginPage.js, RegisterPage.js):

  • Replaces forms with "Login is currently disabled. The site is now read-only." message when flag is enabled

• Tests:

  • Backend: Parametrized test covering all 5 auth endpoints
  • Frontend: Test suites for disabled state on both pages

Usage

FEATURE_DISABLE_USER_LOGIN=True

Endpoints affected

• /api/v0/login/email/
• /api/v0/login/password/
• /api/v0/register/email/
• /api/v0/register/confirm/
• /api/v0/register/details/

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• api.launchpad.net
  • Triggering command: /usr/bin/add-apt-repository add-apt-repository ppa:deadsnakes/ppa -y (dns block)
• esm.ubuntu.com
  • Triggering command: /usr/lib/apt/methods/https /usr/lib/apt/methods/https (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Add a feature flag for user login</issue_title>
<issue_description>### User Story

After December 31st, 2025, we will stop allowing new posts, comments, and upvotes on open.mit.edu, and the site will become read-only. To enact this policy change, we would like to add a simple switch that can disable end-user login. Removing login code will be a future exercise (if we do it at all).

Admin should still be able to login with username and password via the django admin.

Description/Context

Acceptance Criteria

• Add a feature flag / setting that when set to true disables end user login
• When the flag is true:
  • The login form at https://open.mit.edu/login/ should not render
  • the login form should be replaced with a brief message about how login is disabled and how the site is no read-only
  • public login APIs should be disabled
  • The sign up form at https://open.mit.edu/signup/ should not render
  • The sign up form should be replaced by the same brief message as the one on the login page
  • public APIs for creating accounts should be disabled

Plan/Design

Before writing code for this, please update this plan section with your plan

Future steps out of scope for this issue

• remove Touchstone login integration
• remove MicroMasters login integration

</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Add a feature flag to disable user login #4406

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.