From df29d6a2bcec7c6982071c2af729d22a7eeec296 Mon Sep 17 00:00:00 2001 From: kamtschatka Date: Mon, 23 Sep 2024 21:44:52 +0200 Subject: [PATCH 1/2] [Feature Request] Allow to disable default password log in after SSO is configured #406 Added the DISABLE_LOCAL_SIGNUPS that can be used to force OAuth signups only --- apps/web/components/signin/CredentialsForm.tsx | 3 ++- apps/web/lib/clientConfig.tsx | 1 + docs/docs/03-configuration.md | 3 ++- packages/shared/config.ts | 3 +++ packages/trpc/routers/users.ts | 10 ++++++++-- 5 files changed, 16 insertions(+), 4 deletions(-) diff --git a/apps/web/components/signin/CredentialsForm.tsx b/apps/web/components/signin/CredentialsForm.tsx index a505f699..4af7e0f9 100644 --- a/apps/web/components/signin/CredentialsForm.tsx +++ b/apps/web/components/signin/CredentialsForm.tsx @@ -233,7 +233,8 @@ export default function CredentialsForm() { - {clientConfig.auth.disableSignups ? ( + {clientConfig.auth.disableSignups || + clientConfig.auth.disableLocalSignups ? (

Signups are currently disabled.

) : ( diff --git a/apps/web/lib/clientConfig.tsx b/apps/web/lib/clientConfig.tsx index 50e9774d..87febad5 100644 --- a/apps/web/lib/clientConfig.tsx +++ b/apps/web/lib/clientConfig.tsx @@ -6,6 +6,7 @@ export const ClientConfigCtx = createContext({ demoMode: undefined, auth: { disableSignups: false, + disableLocalSignups: false, }, serverVersion: undefined, disableNewReleaseCheck: true, diff --git a/docs/docs/03-configuration.md b/docs/docs/03-configuration.md index f026977e..7531ffa8 100644 --- a/docs/docs/03-configuration.md +++ b/docs/docs/03-configuration.md @@ -26,8 +26,9 @@ When setting up OAuth, the allowed redirect URLs configured at the provider shou ::: | Name | Required | Default | Description | -| ------------------------------------------- | -------- | ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +|---------------------------------------------| -------- | ---------------------- |---------------------------------------------------------------------------------------------------------------------------------------------------------------------| | DISABLE_SIGNUPS | No | false | If enabled, no new signups will be allowed and the signup button will be disabled in the UI | +| DISABLE_LOCAL_SIGNUPS | No | false | If enabled, only signups using OAuth are allowed and the signup button for a local account will be disabled in the UI | | OAUTH_WELLKNOWN_URL | No | Not set | The "wellknown Url" for openid-configuration as provided by the OAuth provider | | OAUTH_CLIENT_SECRET | No | Not set | The "Client Secret" as provided by the OAuth provider | | OAUTH_CLIENT_ID | No | Not set | The "Client ID" as provided by the OAuth provider | diff --git a/packages/shared/config.ts b/packages/shared/config.ts index 21cdb1c8..12f0ed6b 100644 --- a/packages/shared/config.ts +++ b/packages/shared/config.ts 
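Review bot: The fallback text "Signups are currently disabled." is now also rendered when only `clientConfig.auth.disableLocalSignups` is set, although OAuth signup stays open in that mode, so new users are told they cannot register when they can. A separate branch for the local-only case, with wording such as `Password signups are disabled. Sign up with your OAuth provider instead.`, would match what the server enforces. This condition only changes what the form renders; the binding check is the one in the `create` mutation in packages/trpc/routers/users.ts, and the two conditions need to stay in step.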
@@ -10,6 +10,7 @@ const stringBool = (defaultValue: string) =>
 const allEnv = z.object({
 API_URL: z.string().url().default("http://localhost:3000"),
 DISABLE_SIGNUPS: stringBool("false"),
+ DISABLE_LOCAL_SIGNUPS: stringBool("false"),
 OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING: stringBool("false"),
 OAUTH_WELLKNOWN_URL: z.string().url().optional(),
 OAUTH_CLIENT_SECRET: z.string().optional(),
@@ -53,6 +54,7 @@ const serverConfigSchema = allEnv.transform((val) => {
 apiUrl: val.API_URL,
 auth: {
 disableSignups: val.DISABLE_SIGNUPS,
+ disableLocalSignups: val.DISABLE_LOCAL_SIGNUPS,
 oauth: {
 allowDangerousEmailAccountLinking:
 val.OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING,
@@ -112,6 +114,7 @@ export const clientConfig = {
 demoMode: serverConfig.demoMode,
 auth: {
 disableSignups: serverConfig.auth.disableSignups,
+ disableLocalSignups: serverConfig.auth.disableLocalSignups,
 },
 serverVersion: serverConfig.serverVersion,
 disableNewReleaseCheck: serverConfig.disableNewReleaseCheck,
diff --git a/packages/trpc/routers/users.ts b/packages/trpc/routers/users.ts
index 51f9429e..f753eb67 100644
--- a/packages/trpc/routers/users.ts
+++ b/packages/trpc/routers/users.ts
@@ -29,10 +29,16 @@ export const usersAppRouter = router({
 }),
 )
 .mutation(async ({ input, ctx }) => {
- if (serverConfig.auth.disableSignups) {
+ if (
+ serverConfig.auth.disableSignups ||
+ serverConfig.auth.disableLocalSignups
+ ) {
+ const errorMessage = serverConfig.auth.disableLocalSignups
+ ? "Local Signups are disabled in the server config. Use OAuth instead!"
+ : "Signups are disabled in server config";
 throw new TRPCError({
 code: "FORBIDDEN",
- message: "Signups are disabled in server config",
+ message: errorMessage,
 });
 }
 // TODO: This is racy, but that's probably fine.
From 8ca78828107d03451ec3ade15520fbc83bdae8f3 Mon Sep 17 00:00:00 2001
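Review bot: `DISABLE_LOCAL_SIGNUPS` is accepted in `allEnv` with no check that an OAuth provider is actually configured, while `OAUTH_WELLKNOWN_URL` and `OAUTH_CLIENT_SECRET` stay `.optional()` in the same schema. With the flag set and no provider configured, every signup path appears to be closed; that fails safe, but a startup warning or a schema refinement would tell the operator before users find out. The new field also deserves a comment such as `// Blocks creation of new password accounts only; sign-in for existing password accounts is not changed by this flag`, because nothing in this patch touches the credentials sign-in path while the feature request title speaks of disabling password log in. If a deployment needs password authentication off entirely, that has to be enforced where credentials are verified, which is outside this diff.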
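Review bot: The message ternary in the `create` mutation tests `disableLocalSignups` first, so when both `DISABLE_SIGNUPS` and `DISABLE_LOCAL_SIGNUPS` are true the FORBIDDEN error tells the caller to "Use OAuth instead!" even though the general flag is documented as allowing no new signups at all. Test the broader flag first: `const errorMessage = serverConfig.auth.disableSignups ? "Signups are disabled in server config" : "Local Signups are disabled in the server config. Use OAuth instead!";`. The same ternary is carried over in the users.ts hunk of PATCH 2/2, where the message text could also follow the rename to password signups. The mutation body continues past the end of this hunk.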
From: MohamedBassem Date: Sun, 6 Oct 2024 08:02:49 +0000 Subject: [PATCH 2/2] rename local signups to password signups --- apps/web/components/signin/CredentialsForm.tsx | 2 +- apps/web/lib/clientConfig.tsx | 2 +- docs/docs/03-configuration.md | 4 ++-- packages/shared/config.ts | 6 +++--- packages/trpc/routers/users.ts | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/apps/web/components/signin/CredentialsForm.tsx b/apps/web/components/signin/CredentialsForm.tsx index 4af7e0f9..a35b768f 100644 --- a/apps/web/components/signin/CredentialsForm.tsx +++ b/apps/web/components/signin/CredentialsForm.tsx @@ -234,7 +234,7 @@ export default function CredentialsForm() {
{clientConfig.auth.disableSignups || - clientConfig.auth.disableLocalSignups ? ( + clientConfig.auth.disablePasswordSignups ? (

Signups are currently disabled.

) : ( diff --git a/apps/web/lib/clientConfig.tsx b/apps/web/lib/clientConfig.tsx index b4440239..90e6d35c 100644 --- a/apps/web/lib/clientConfig.tsx +++ b/apps/web/lib/clientConfig.tsx @@ -6,7 +6,7 @@ export const ClientConfigCtx = createContext({ demoMode: undefined, auth: { disableSignups: false, - disableLocalSignups: false, + disablePasswordSignups: false, }, inference: { inferredTagLang: "english", diff --git a/docs/docs/03-configuration.md b/docs/docs/03-configuration.md index 7531ffa8..d1b587ad 100644 --- a/docs/docs/03-configuration.md +++ b/docs/docs/03-configuration.md @@ -26,9 +26,9 @@ When setting up OAuth, the allowed redirect URLs configured at the provider shou ::: | Name | Required | Default | Description | -|---------------------------------------------| -------- | ---------------------- |---------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| ------------------------------------------- | -------- | ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | DISABLE_SIGNUPS | No | false | If enabled, no new signups will be allowed and the signup button will be disabled in the UI | -| DISABLE_LOCAL_SIGNUPS | No | false | If enabled, only signups using OAuth are allowed and the signup button for a local account will be disabled in the UI | +| DISABLE_PASSWORD_SIGNUPS | No | false | If enabled, only signups using OAuth are allowed and the signup button for a local account will be disabled in the UI | | OAUTH_WELLKNOWN_URL | No | Not set | The "wellknown Url" for openid-configuration as provided by the OAuth provider | | OAUTH_CLIENT_SECRET | No | Not set | The "Client Secret" as provided by the OAuth provider | | OAUTH_CLIENT_ID | No | Not set | The "Client ID" as provided by the OAuth provider | 
diff --git a/packages/shared/config.ts b/packages/shared/config.ts
index 952df2d8..288becab 100644
--- a/packages/shared/config.ts
+++ b/packages/shared/config.ts
@@ -10,7 +10,7 @@ const stringBool = (defaultValue: string) =>
 const allEnv = z.object({
 API_URL: z.string().url().default("http://localhost:3000"),
 DISABLE_SIGNUPS: stringBool("false"),
- DISABLE_LOCAL_SIGNUPS: stringBool("false"),
+ DISABLE_PASSWORD_SIGNUPS: stringBool("false"),
 OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING: stringBool("false"),
 OAUTH_WELLKNOWN_URL: z.string().url().optional(),
 OAUTH_CLIENT_SECRET: z.string().optional(),
@@ -54,7 +54,7 @@ const serverConfigSchema = allEnv.transform((val) => {
 apiUrl: val.API_URL,
 auth: {
 disableSignups: val.DISABLE_SIGNUPS,
- disableLocalSignups: val.DISABLE_LOCAL_SIGNUPS,
+ disablePasswordSignups: val.DISABLE_PASSWORD_SIGNUPS,
 oauth: {
 allowDangerousEmailAccountLinking:
 val.OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING,
@@ -114,7 +114,7 @@ export const clientConfig = {
 demoMode: serverConfig.demoMode,
 auth: {
 disableSignups: serverConfig.auth.disableSignups,
- disableLocalSignups: serverConfig.auth.disableLocalSignups,
+ disablePasswordSignups: serverConfig.auth.disablePasswordSignups,
 },
 inference: {
 inferredTagLang: serverConfig.inference.inferredTagLang,
diff --git a/packages/trpc/routers/users.ts b/packages/trpc/routers/users.ts
index 2dd39777..736e7e2f 100644
--- a/packages/trpc/routers/users.ts
+++ b/packages/trpc/routers/users.ts
@@ -31,9 +31,9 @@ export const usersAppRouter = router({
 .mutation(async ({ input, ctx }) => {
 if (
 serverConfig.auth.disableSignups ||
- serverConfig.auth.disableLocalSignups
+ serverConfig.auth.disablePasswordSignups
 ) {
- const errorMessage = serverConfig.auth.disableLocalSignups
+ const errorMessage = serverConfig.auth.disablePasswordSignups
 ? "Local Signups are disabled in the server config. Use OAuth instead!"
 : "Signups are disabled in server config";
 throw new TRPCError({