🔒 Disable self-registration and compact admin interface

Security improvements: - Removed registration link from login page - Disabled /auth/register route - redirects with error message - Removed demo credentials from login page - Added info message: 'New users are created by administrators' UI improvements: - Compacted all admin interface buttons (btn-sm) - Reduced heading sizes (H2 → H4) for less visual dominance - Shortened badge texts ('Administrator' → 'Admin', 'Benutzer' → 'User') - Optimized spacing and reduced margins/paddings - Cleaner, more professional admin interface Access control: - Only administrators can create new users via admin panel - Self-registration completely disabled for security - Maintains full admin functionality with improved UX
2025-10-14 21:42:32 +02:00
parent f176560c02
commit 86f9117d55
10 changed files with 75 additions and 109 deletions
--- a/app/routes/pycache/api.cpython-313.pyc
+++ b/app/routes/pycache/api.cpython-313.pyc
--- a/app/routes/pycache/auth.cpython-313.pyc
+++ b/app/routes/pycache/auth.cpython-313.pyc
--- a/app/routes/auth.py
+++ b/app/routes/auth.py
@@ -24,30 +24,9 @@ def login():

@auth_bp.route('/register', methods=['GET', 'POST'])
 def register():
-    if request.method == 'POST':
-        username = request.form['username']
-        email = request.form['email']
-        password = request.form['password']
-        
-        # Prüfe ob Benutzer bereits existiert
-        if User.query.filter_by(username=username).first():
-            flash('Benutzername bereits vergeben')
-            return render_template('auth/register.html')
-        
-        if User.query.filter_by(email=email).first():
-            flash('E-Mail bereits vergeben')
-            return render_template('auth/register.html')
-        
-        # Erstelle neuen Benutzer
-        user = User(username=username, email=email)
-        user.set_password(password)
-        db.session.add(user)
-        db.session.commit()
-        
-        flash('Registrierung erfolgreich')
-        return redirect(url_for('auth.login'))
-    
-    return render_template('auth/register.html')
+    # Registrierung deaktiviert - nur Administratoren können Benutzer erstellen
+    flash('Registrierung ist deaktiviert. Wenden Sie sich an einen Administrator.', 'error')
+    return redirect(url_for('auth.login'))

@auth_bp.route('/logout')
@login_required