diff --git a/src/main/java/org/akhq/configs/Ldap.java b/src/main/java/org/akhq/configs/Ldap.java index 120fb7aeb..de0f7151b 100644 --- a/src/main/java/org/akhq/configs/Ldap.java +++ b/src/main/java/org/akhq/configs/Ldap.java @@ -13,8 +13,4 @@ public class Ldap { private String defaultGroup; private List groups = new ArrayList<>(); private List users = new ArrayList<>(); - - public boolean isEnabled() { - return StringUtils.hasText(defaultGroup) || !getGroups().isEmpty() || !getUsers().isEmpty(); - } } diff --git a/src/main/java/org/akhq/controllers/AkhqController.java b/src/main/java/org/akhq/controllers/AkhqController.java index 84e6da02c..c2cee6b67 100644 --- a/src/main/java/org/akhq/controllers/AkhqController.java +++ b/src/main/java/org/akhq/controllers/AkhqController.java @@ -1,5 +1,6 @@ package org.akhq.controllers; +import io.micronaut.configuration.security.ldap.configuration.LdapConfiguration; import io.micronaut.context.ApplicationContext; import io.micronaut.core.annotation.Introspected; import io.micronaut.http.HttpResponse; @@ -31,9 +32,6 @@ public class AkhqController extends AbstractController { @Inject private ApplicationContext applicationContext; - @Inject - private Ldap ldap; - @Inject private SecurityProperties securityProperties; @@ -69,7 +67,9 @@ public AuthDefinition auths() { if (applicationContext.containsBean(SecurityService.class)) { authDefinition.loginEnabled = true; - authDefinition.formEnabled = securityProperties.getBasicAuth().size() > 0 || ldap.isEnabled(); + // Display login form if there are LocalUsers OR Ldap is enabled + authDefinition.formEnabled = securityProperties.getBasicAuth().size() > 0 || + applicationContext.containsBean(LdapConfiguration.class); } if (oidc.isEnabled()) { diff --git a/src/test/java/org/akhq/controllers/AkhqControllerTest.java b/src/test/java/org/akhq/controllers/AkhqControllerTest.java index 6be795d19..780e0ba64 100644 --- a/src/test/java/org/akhq/controllers/AkhqControllerTest.java +++ b/src/test/java/org/akhq/controllers/AkhqControllerTest.java @@ -32,6 +32,7 @@ void auth() { ); assertTrue(result.isLoginEnabled()); + assertTrue(result.isFormEnabled()); } @Test diff --git a/src/test/java/org/akhq/modules/OidcAuthenticationProviderTest.java b/src/test/java/org/akhq/modules/OidcAuthenticationProviderTest.java index dd472b416..e19177706 100644 --- a/src/test/java/org/akhq/modules/OidcAuthenticationProviderTest.java +++ b/src/test/java/org/akhq/modules/OidcAuthenticationProviderTest.java @@ -14,6 +14,7 @@ import io.micronaut.test.extensions.junit5.annotation.MicronautTest; import io.reactivex.Flowable; import lombok.extern.slf4j.Slf4j; +import org.akhq.controllers.AkhqController; import org.junit.jupiter.api.Test; import org.mockito.ArgumentMatchers; import org.mockito.Mockito; @@ -46,6 +47,9 @@ public class OidcAuthenticationProviderTest { @Inject DefaultOpenIdProviderMetadata defaultOpenIdProviderMetadata; + @Inject + AkhqController akhqController; + @Named("oidc") @MockBean(TokenEndpointClient.class) TokenEndpointClient tokenEndpointClient() { @@ -230,4 +234,13 @@ public void failure() { assertThat(authenticationException.getResponse(), instanceOf(AuthenticationFailed.class)); assertFalse(authenticationException.getResponse().isAuthenticated()); } + + @Test + void noLoginForm(){ + AkhqController.AuthDefinition actual = akhqController.auths(); + + assertTrue(actual.isLoginEnabled(), "Login must be enabled with OIDC"); + assertFalse(actual.isFormEnabled(), "Login Form must not be active if only OIDC is enabled"); + assertFalse(actual.getOidcAuths().isEmpty()); + } }