Skip to content

Add DISABLE_USER_LOGIN feature flag for read-only mode#4407

Draft
Copilot wants to merge 2 commits intomasterfrom
copilot/add-feature-flag-user-login
Draft

Add DISABLE_USER_LOGIN feature flag for read-only mode#4407
Copilot wants to merge 2 commits intomasterfrom
copilot/add-feature-flag-user-login

Conversation

Copy link
Contributor

Copilot AI commented Dec 4, 2025

Adds a feature flag to disable end-user login, making the site read-only. Admin login via Django admin remains unaffected.

Changes

  • Backend (open_discussions/features.py, authentication/views.py):

    • New DISABLE_USER_LOGIN feature flag
    • SocialAuthAPIView.post() returns 403 when flag is enabled, blocking all login/register API endpoints
  • Frontend (LoginPage.js, RegisterPage.js):

    • Replaces forms with "Login is currently disabled. The site is now read-only." message when flag is enabled
  • Tests:

    • Backend: Parametrized test covering all 5 auth endpoints
    • Frontend: Test suites for disabled state on both pages

Usage

FEATURE_DISABLE_USER_LOGIN=True

Endpoints affected

  • /api/v0/login/email/
  • /api/v0/login/password/
  • /api/v0/register/email/
  • /api/v0/register/confirm/
  • /api/v0/register/details/

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • api.launchpad.net
    • Triggering command: /usr/bin/add-apt-repository add-apt-repository ppa:deadsnakes/ppa -y (dns block)
  • esm.ubuntu.com
    • Triggering command: /usr/lib/apt/methods/https /usr/lib/apt/methods/https (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

This section details on the original issue you should resolve

<issue_title>Add a feature flag for user login</issue_title>
<issue_description>### User Story

After December 31st, 2025, we will stop allowing new posts, comments, and upvotes on open.mit.edu, and the site will become read-only. To enact this policy change, we would like to add a simple switch that can disable end-user login. Removing login code will be a future exercise (if we do it at all).

Admin should still be able to login with username and password via the django admin.

Description/Context

Acceptance Criteria

  • Add a feature flag / setting that when set to true disables end user login
  • When the flag is true:
    • The login form at https://open.mit.edu/login/ should not render
    • the login form should be replaced with a brief message about how login is disabled and how the site is no read-only
    • public login APIs should be disabled
    • The sign up form at https://open.mit.edu/signup/ should not render
    • The sign up form should be replaced by the same brief message as the one on the login page
    • public APIs for creating accounts should be disabled

Plan/Design

Before writing code for this, please update this plan section with your plan

Future steps out of scope for this issue

  • remove Touchstone login integration
  • remove MicroMasters login integration

</issue_description>

Comments on the Issue (you are @copilot in this section)


💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Co-authored-by: pdpinch <430126+pdpinch@users.noreply.github.com>
Copilot AI changed the title [WIP] Add feature flag to disable end-user login Add DISABLE_USER_LOGIN feature flag for read-only mode Dec 4, 2025
Copilot AI requested a review from pdpinch December 4, 2025 13:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add a feature flag to disable user login

2 participants

Comments