Allow admins to disable the login form

In case they want to not allow this because they use SSO (and do not want the users to enter their credentials there by accident). ?direct=1 still works. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-03-03 11:18:33 +01:00 · 2021-03-03 11:18:33 +01:00 · 4076dfb019
parent 43b333331d
commit 4076dfb019
6 changed files with 28 additions and 3 deletions
--- a/config/config.sample.php
+++ b/config/config.sample.php
@ -305,6 +305,15 @@ $CONFIG = [
 */
 'auth.webauthn.enabled' => true,

+/**
+ * By default the login form is always available. There are cases (SSO) where an
+ * admin wants to avoid users entering their credentials to the system if the SSO
+ * app is unavailable.
+ *
+ * This will show an error. But the the direct login still works with adding ?direct=1
+ */
+'hide_login_form' => false,
+
 /**
 * The directory where the skeleton files are located. These files will be
 * copied to the data directory of new users. Leave empty to not copy any
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@ -191,6 +191,8 @@ class LoginController extends Controller {

 		$this->initialStateService->provideInitialState('core', 'webauthn-available', $this->webAuthnManager->isWebAuthnAvailable());

+		$this->initialStateService->provideInitialState('core', 'hideLoginForm', $this->config->getSystemValueBool('hide_login_form', false));
+
 		// OpenGraph Support: http://ogp.me/
 		Util::addHeader('meta', ['property' => 'og:title', 'content' => Util::sanitizeHTML($this->defaults->getName())]);
 		Util::addHeader('meta', ['property' => 'og:description', 'content' => Util::sanitizeHTML($this->defaults->getSlogan())]);
--- a/core/js/dist/login.js
+++ b/core/js/dist/login.js
--- a/core/js/dist/login.js.map
+++ b/core/js/dist/login.js.map
--- a/core/src/login.js
+++ b/core/src/login.js
@ -67,5 +67,6 @@ new View({
 		hasPasswordless: fromStateOr('webauthn-available', false),
 		isHttps: window.location.protocol === 'https:',
 		hasPublicKeyCredential: typeof (window.PublicKeyCredential) !== 'undefined',
+		hideLoginForm: fromStateOr('hideLoginForm', false),
 	},
 }).$mount('#login')
--- a/core/src/views/Login.vue
+++ b/core/src/views/Login.vue
@ -20,7 +20,7 @@
  -->

 <template>
-	<div>
+	<div v-if="!hideLoginForm || directLogin">
 		<transition name="fade" mode="out-in">
 			<div v-if="!passwordlessLogin && !resetPassword && resetPasswordTarget === ''"
 				key="login">
@ -84,6 +84,15 @@
 			</div>
 		</transition>
 	</div>
+	<div v-else>
+		<transition name="fade" mode="out-in">
+			<div class="warning">
+				{{ t('core', 'Login form is disabled.') }}<br>
+				<small>{{ t('core', 'Please contact your administrator.') }}
+				</small>
+			</div>
+		</transition>
+	</div>
 </template>

 <script>
@ -153,6 +162,10 @@ export default {
 			type: Boolean,
 			default: false,
 		},
+		hideLoginForm: {
+			type: Boolean,
+			default: false
+		}
 	},
 	data() {
 		return {