Allow to disable non-SSO login

With a new disable_database_login parameter under :mobilizon, :instance

Closes #1154

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
Thomas Citharel 2022-10-28 16:05:55 +02:00
parent fc5b6882ae
commit 579bcaba06
No known key found for this signature in database
GPG Key ID: A061B9DDE0CA0773
8 changed files with 41 additions and 18 deletions


@ -19,6 +19,7 @@ config :mobilizon, :instance,
registrations_open: false, registrations_open: false,
registration_email_allowlist: [], registration_email_allowlist: [],
registration_email_denylist: [], registration_email_denylist: [],
disable_database_login: false,
languages: [], languages: [],
default_language: "en", default_language: "en",
demo: false, demo: false,


@ -185,11 +185,7 @@
>{{ t("Login") }}</router-link >{{ t("Login") }}</router-link
> >
</li> </li>
<li <li v-if="!currentActor?.id && canRegister">
v-if="
!currentActor?.id && (registrationsOpen || registrationsAllowlist)
"
>
<router-link <router-link
:to="{ name: RouteName.REGISTER }" :to="{ name: RouteName.REGISTER }"
class="block py-2 pr-4 pl-3 text-zinc-700 border-b border-gray-100 hover:bg-zinc-50 md:hover:bg-transparent md:border-0 md:hover:text-mbz-purple-700 md:p-0 dark:text-zinc-400 md:dark:hover:text-white dark:hover:bg-zinc-700 dark:hover:text-white md:dark:hover:bg-transparent dark:border-gray-700" class="block py-2 pr-4 pl-3 text-zinc-700 border-b border-gray-100 hover:bg-zinc-50 md:hover:bg-transparent md:border-0 md:hover:text-mbz-purple-700 md:p-0 dark:text-zinc-400 md:dark:hover:text-white dark:hover:bg-zinc-700 dark:hover:text-white md:dark:hover:bg-transparent dark:border-gray-700"
@ -378,7 +374,7 @@ import { ICurrentUserRole } from "@/types/enums";
import { logout } from "../utils/auth"; import { logout } from "../utils/auth";
import { displayName } from "../types/actor"; import { displayName } from "../types/actor";
import RouteName from "../router/name"; import RouteName from "../router/name";
import { ref, watch } from "vue"; import { computed, ref, watch } from "vue";
import { useRouter } from "vue-router"; import { useRouter } from "vue-router";
import { useI18n } from "vue-i18n"; import { useI18n } from "vue-i18n";
import AccountCircle from "vue-material-design-icons/AccountCircle.vue"; import AccountCircle from "vue-material-design-icons/AccountCircle.vue";
@ -404,7 +400,15 @@ const router = useRouter();
// const route = useRoute(); // const route = useRoute();
const { identities } = useCurrentUserIdentities(); const { identities } = useCurrentUserIdentities();
const { registrationsOpen, registrationsAllowlist } = useRegistrationConfig(); const { registrationsOpen, registrationsAllowlist, databaseLogin } =
useRegistrationConfig();
const canRegister = computed(() => {
return (
(registrationsOpen.value || registrationsAllowlist.value) &&
databaseLogin.value
);
});
// const mobileNavbarActive = ref(false); // const mobileNavbarActive = ref(false);
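Review bot: `canRegister` joins the two registration flags with `||`, while the register link in the login view, changed in this same commit, now requires `config.registrationsOpen && config.registrationsAllowlist`, so the two entry points disagree about when registration is offered. One of the two conditions is probably unintended. I would move the rule into `useRegistrationConfig()` and have both templates read it from there. Separately, `databaseLogin.value` is `undefined` until the cache-only query has a result, so the computed yields `undefined` rather than a boolean; comparing with `databaseLogin.value === true` would make that explicit.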


@ -208,7 +208,10 @@ export function useSearchConfig() {
export function useRegistrationConfig() { export function useRegistrationConfig() {
const { result, error, loading, onResult } = useQuery<{ const { result, error, loading, onResult } = useQuery<{
config: Pick<IConfig, "registrationsOpen" | "registrationsAllowlist">; config: Pick<
IConfig,
"registrationsOpen" | "registrationsAllowlist" | "auth"
>;
}>(REGISTRATIONS, undefined, { fetchPolicy: "cache-only" }); }>(REGISTRATIONS, undefined, { fetchPolicy: "cache-only" });
const registrationsOpen = computed( const registrationsOpen = computed(
@ -217,9 +220,11 @@ export function useRegistrationConfig() {
const registrationsAllowlist = computed( const registrationsAllowlist = computed(
() => result.value?.config.registrationsAllowlist () => result.value?.config.registrationsAllowlist
); );
const databaseLogin = computed(() => result.value?.config.auth.databaseLogin);
return { return {
registrationsOpen, registrationsOpen,
registrationsAllowlist, registrationsAllowlist,
databaseLogin,
error, error,
loading, loading,
onResult, onResult,


@ -79,6 +79,7 @@ export const CONFIG = gql`
} }
auth { auth {
ldap ldap
databaseLogin
oauthProviders { oauthProviders {
id id
label label
@ -386,6 +387,7 @@ export const LOGIN_CONFIG = gql`
query LoginConfig { query LoginConfig {
config { config {
auth { auth {
databaseLogin
oauthProviders { oauthProviders {
id id
label label
@ -450,6 +452,9 @@ export const REGISTRATIONS = gql`
config { config {
registrationsOpen registrationsOpen
registrationsAllowlist registrationsAllowlist
auth {
databaseLogin
}
} }
} }
`; `;


@ -106,6 +106,7 @@ export interface IConfig {
version: string; version: string;
auth: { auth: {
ldap: boolean; ldap: boolean;
databaseLogin: boolean;
oauthProviders: IOAuthProvider[]; oauthProviders: IOAuthProvider[];
}; };
uploadLimits: { uploadLimits: {


@ -42,7 +42,7 @@
> >
{{ error }} {{ error }}
</o-notification> </o-notification>
<form @submit="loginAction"> <form @submit="loginAction" v-if="config?.auth.databaseLogin">
<o-field <o-field
:label="t('Email')" :label="t('Email')"
label-for="email" label-for="email"
@ -81,13 +81,6 @@
</p> </p>
<!-- <o-loading :is-full-page="false" v-model="submitted" /> --> <!-- <o-loading :is-full-page="false" v-model="submitted" /> -->
<div
class="control"
v-if="config && config?.auth.oauthProviders.length > 0"
>
<auth-providers :oauthProviders="config.auth.oauthProviders" />
</div>
<div class="flex flex-wrap gap-2 mt-3"> <div class="flex flex-wrap gap-2 mt-3">
<o-button <o-button
tag="router-link" tag="router-link"
@ -107,7 +100,12 @@
}" }"
>{{ t("Didn't receive the instructions?") }}</o-button >{{ t("Didn't receive the instructions?") }}</o-button
> >
<p class="control" v-if="config && config.registrationsOpen"> <p
class="control"
v-if="
config && config.registrationsOpen && config.registrationsAllowlist
"
>
<o-button <o-button
tag="router-link" tag="router-link"
variant="text" variant="text"
@ -123,6 +121,9 @@
</p> </p>
</div> </div>
</form> </form>
<div v-if="config && config?.auth.oauthProviders.length > 0">
<auth-providers :oauthProviders="config.auth.oauthProviders" />
</div>
</section> </section>
</template> </template>
@ -162,7 +163,10 @@ const route = useRoute();
const { currentUser } = useCurrentUserClient(); const { currentUser } = useCurrentUserClient();
const { result: configResult } = useQuery<{ const { result: configResult } = useQuery<{
config: Pick<IConfig, "auth" | "registrationsOpen">; config: Pick<
IConfig,
"auth" | "registrationsOpen" | "registrationsAllowlist"
>;
}>(LOGIN_CONFIG); }>(LOGIN_CONFIG);
const config = computed(() => configResult.value?.config); const config = computed(() => configResult.value?.config);
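Review bot: Hiding the form with `v-if="config?.auth.databaseLogin"` only changes what the client renders; none of the eight file sections on this page touches the login, password-reset or user-creation resolvers. Unless the server already rejects password authentication elsewhere when `disable_database_login` is set, the option is cosmetic and an SSO-only policy is not enforced for requests sent straight to the API. I would add a server-side check of the same setting in those mutations, returning an explicit error, with a test that a password login is refused when the flag is on. The `<script setup>` block continues outside the last hunk, so any existing guard there is not visible from here.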


@ -156,6 +156,8 @@ defmodule Mobilizon.GraphQL.Resolvers.Config do
federating: Config.instance_federating(), federating: Config.instance_federating(),
auth: %{ auth: %{
ldap: Config.ldap_enabled?(), ldap: Config.ldap_enabled?(),
database_login:
Application.get_env(:mobilizon, :instance) |> get_in([:disable_database_login]) == false,
oauth_providers: Config.oauth_consumer_strategies() oauth_providers: Config.oauth_consumer_strategies()
}, },
upload_limits: %{ upload_limits: %{
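Review bot: `get_in([:disable_database_login]) == false` reports database login as off whenever the key is missing or `nil`, because `nil == false` is false. If an instance's `:instance` config ever ends up without the new key, the password form would disappear without anyone having set the option. Reading it with an explicit default, e.g. `Keyword.get(Application.get_env(:mobilizon, :instance, []), :disable_database_login, false) != true`, keeps the documented default of `false`. Putting that behind a `Config` accessor next to `Config.ldap_enabled?()` would also give the authentication code one place to read the setting when it enforces it. The enclosing function starts and ends outside this hunk.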


@ -305,6 +305,7 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
""" """
object :auth do object :auth do
field(:ldap, :boolean, description: "Whether or not LDAP auth is enabled") field(:ldap, :boolean, description: "Whether or not LDAP auth is enabled")
field(:database_login, :boolean, description: "Whether or not database login is enabled")
field(:oauth_providers, list_of(:oauth_provider), description: "List of oauth providers") field(:oauth_providers, list_of(:oauth_provider), description: "List of oauth providers")
end end