From 67953ac42e5c78751a398dea932978cdfe9b4f69 Mon Sep 17 00:00:00 2001
From: PV Tejas <pvtejas@protonmail.com>
Date: Sun, 1 Mar 2026 19:30:52 +0530
Subject: [PATCH] Remove register URL | Closes #2

---
 flaskr/__init__.py         | 1 +
 flaskr/auth.py             | 5 +++--
 flaskr/templates/base.html | 1 -
 tests/conftest.py          | 1 +
 tests/test_auth.py         | 4 ++++
 tests/test_blog.py         | 2 +-
 6 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/flaskr/__init__.py b/flaskr/__init__.py
index ed7d989..7d7ec81 100644
--- a/flaskr/__init__.py
+++ b/flaskr/__init__.py
@@ -8,6 +8,7 @@ def create_app(test_config=None):
     app.config.from_mapping(
         SECRET_KEY='dev',
         DATABASE=os.path.join(app.instance_path, 'flaskr.sqlite'),
+        ALLOW_REGISTER=False,
     )
 
     app.wsgi_app = ProxyFix(
diff --git a/flaskr/auth.py b/flaskr/auth.py
index ad930fb..6b95143 100644
--- a/flaskr/auth.py
+++ b/flaskr/auth.py
@@ -1,7 +1,7 @@
 import functools
 
 from flask import (
-    Blueprint, flash, g, redirect, render_template, request, session, url_for
+    Blueprint, flash, g, redirect, render_template, request, session, url_for, current_app
 )
 from werkzeug.security import check_password_hash, generate_password_hash
 
@@ -11,7 +11,8 @@ bp = Blueprint('auth', __name__, url_prefix='/auth')
 
 @bp.route('/register', methods=('GET', 'POST'))
 def register():
-    # return "Admin only", 403
+    if not current_app.config["ALLOW_REGISTER"]:
+        return "Admin only", 403
     if request.method == 'POST':
         username = request.form['username']
         password = request.form['password']
diff --git a/flaskr/templates/base.html b/flaskr/templates/base.html
index 6c1d788..152f1af 100644
--- a/flaskr/templates/base.html
+++ b/flaskr/templates/base.html
@@ -9,7 +9,6 @@
       <li><span>{{ g.user['username'] }}</span>
       <li><a href="{{ url_for('auth.logout') }}">Log Out</a>
     {% else %}
-      <li><a href="{{ url_for('auth.register') }}">Register</a>
       <li><a href="{{ url_for('auth.login') }}">Log In</a>
     {% endif %}
   </ul>
diff --git a/tests/conftest.py b/tests/conftest.py
index 2db6e29..836a5ad 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -15,6 +15,7 @@ def app():
     app = create_app({
         'TESTING': True,
         'DATABASE': db_path,
+        'ALLOW_REGISTER': True,
     })
 
     with app.app_context():
diff --git a/tests/test_auth.py b/tests/test_auth.py
index d9b9b9e..1f45590 100644
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -14,6 +14,10 @@ def test_register(client, app):
             "SELECT * FROM user WHERE USERNAME = 'a'",
         ).fetchone() is not None
 
+    app.config["ALLOW_REGISTER"] = False
+    response = client.get('/auth/register')
+    assert b"Admin only" in response.data
+
 @pytest.mark.parametrize(('username', 'password', 'message'), (
     ('', '', b'Username is required.'),
     ('a', '', b'Password is required.'),
diff --git a/tests/test_blog.py b/tests/test_blog.py
index deb52bc..5f7e816 100644
--- a/tests/test_blog.py
+++ b/tests/test_blog.py
@@ -4,7 +4,7 @@ from flaskr.db import get_db
 def test_index(client, auth):
     response = client.get('/')
     assert b"Log In" in response.data
-    assert b"Register" in response.data
+    assert b"Register" not in response.data
 
     auth.login()
     response = client.get('/')