feat: Registrierung default AN, Einladungslinks, System-Email

- Registrierung ist standardmaessig aktiviert (erster User = Admin) - Einmal-Registrierungslinks: Admin kann Links generieren die auch bei deaktivierter Registrierung funktionieren, nach Nutzung ungueltig - Optional Link per System-Email versenden - System-SMTP in Admin-Einstellungen konfigurierbar: Server, Port, SSL, Benutzername, Passwort, Absender-Adresse - SMTP-Verbindungstest-Button - Register-Seite akzeptiert ?invite=TOKEN aus der URL Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 15:41:42 +02:00
parent 042a067e81
commit 113fe7140f
5 changed files with 278 additions and 12 deletions
@@ -76,7 +76,7 @@ def registration_status():
    """Check if public registration is allowed."""
    from app.models.settings import AppSettings
    is_first_user = User.query.count() == 0
-    public_registration = AppSettings.get_bool('public_registration', default=False)
+    public_registration = AppSettings.get_bool('public_registration', default=True)
    return jsonify({
        'allowed': is_first_user or public_registration,
        'is_first_user': is_first_user,
@@ -87,9 +87,19 @@ def registration_status():
 def register():
    from app.models.settings import AppSettings

-    # Check if registration is allowed
    is_first_user = User.query.count() == 0
-    if not is_first_user and not AppSettings.get_bool('public_registration', default=False):
+
+    # Check invite token (works even if public registration is off)
+    invite_token = request.args.get('invite') or (request.get_json() or {}).get('invite_token')
+    valid_invite = False
+    if invite_token:
+        from app.models.settings import AppSettings as _S
+        stored = _S.get(f'invite_{invite_token}', '')
+        if stored == 'valid':
+            valid_invite = True
+
+    # Check if registration is allowed
+    if not is_first_user and not valid_invite and not AppSettings.get_bool('public_registration', default=True):
        return jsonify({'error': 'Oeffentliche Registrierung ist deaktiviert'}), 403

    data = request.get_json()
@@ -129,6 +139,10 @@ def register():
    db.session.add(user)
    db.session.commit()

+    # Invalidate invite token if used
+    if valid_invite and invite_token:
+        AppSettings.set(f'invite_{invite_token}', 'used')
+
    access_token = create_access_token(user.id)
    refresh_token = create_refresh_token(user.id)