From f6aa99e591f882d384140656a0a8ef35c6e1f887 Mon Sep 17 00:00:00 2001 From: prichier Date: Sun, 14 Jun 2020 00:27:25 +0200 Subject: [PATCH] Add disable_password_auth option --- account.go | 10 ++++++++++ app.go | 17 +++++++++++++++-- config/config.go | 3 +++ errors.go | 2 ++ pages/landing.tmpl | 22 ++++++++++++++++++++++ pages/login.tmpl | 26 +++++++++++++++----------- templates/user/settings.tmpl | 2 ++ 7 files changed, 69 insertions(+), 13 deletions(-) diff --git a/account.go b/account.go index 4dc8ef9..f8828d0 100644 --- a/account.go +++ b/account.go @@ -86,6 +86,11 @@ func apiSignup(app *App, w http.ResponseWriter, r *http.Request) error { } func signup(app *App, w http.ResponseWriter, r *http.Request) (*AuthUser, error) { + if app.cfg.App.DisablePasswordAuth { + err := ErrDisabledPasswordAuth + return nil, err + } + reqJSON := IsJSON(r) // Get params @@ -395,6 +400,11 @@ func login(app *App, w http.ResponseWriter, r *http.Request) error { var err error var signin userCredentials + if app.cfg.App.DisablePasswordAuth { + err := ErrDisabledPasswordAuth + return err + } + // Log in with one-time token if one is given if oneTimeToken != "" { log.Info("Login: Logging user in via token.") diff --git a/app.go b/app.go index ca92192..3c9e9d9 100644 --- a/app.go +++ b/app.go @@ -243,9 +243,22 @@ func handleViewLanding(app *App, w http.ResponseWriter, r *http.Request) error { Content template.HTML ForcedLanding bool + + OauthSlack bool + OauthWriteAs bool + OauthGitlab bool + OauthGeneric bool + OauthGenericDisplayName string + GitlabDisplayName string }{ - StaticPage: pageForReq(app, r), - ForcedLanding: forceLanding, + StaticPage: pageForReq(app, r), + ForcedLanding: forceLanding, + OauthSlack: app.Config().SlackOauth.ClientID != "", + OauthWriteAs: app.Config().WriteAsOauth.ClientID != "", + OauthGitlab: app.Config().GitlabOauth.ClientID != "", + OauthGeneric: app.Config().GenericOauth.ClientID != "", + OauthGenericDisplayName: config.OrDefaultString(app.Config().GenericOauth.DisplayName, genericOauthDisplayName), + GitlabDisplayName: config.OrDefaultString(app.Config().GitlabOauth.DisplayName, gitlabDisplayName), } banner, err := getLandingBanner(app) diff --git a/config/config.go b/config/config.go index ffd171a..7d6e840 100644 --- a/config/config.go +++ b/config/config.go @@ -141,6 +141,9 @@ type ( // Check for Updates UpdateChecks bool `ini:"update_checks"` + + // Disable password authentication if use only Oauth + DisablePasswordAuth bool `ini:"disable_password_auth"` } // Config holds the complete configuration for running a writefreely instance diff --git a/errors.go b/errors.go index 579386b..cf52df1 100644 --- a/errors.go +++ b/errors.go @@ -52,6 +52,8 @@ var ( ErrUserNotFoundEmail = impart.HTTPError{http.StatusNotFound, "Please enter your username instead of your email address."} ErrUserSilenced = impart.HTTPError{http.StatusForbidden, "Account is silenced."} + + ErrDisabledPasswordAuth = impart.HTTPError{http.StatusForbidden, "Password authentication is disabled."} ) // Post operation errors diff --git a/pages/landing.tmpl b/pages/landing.tmpl index d3867a9..f23470f 100644 --- a/pages/landing.tmpl +++ b/pages/landing.tmpl @@ -60,6 +60,11 @@ form dd { margin-top: 0; max-width: 8em; } +#generic-oauth-login { + box-sizing: border-box; + font-size: 17px; + white-space:nowrap; +} {{end}} {{define "content"}} @@ -73,6 +78,22 @@ form dd { {{ if .OpenRegistration }} + {{if .DisablePasswordAuth}} + {{ if or .OauthSlack .OauthWriteAs .OauthGitlab .OauthGeneric }} + {{ if .OauthSlack }} +
Sign in with Slack
+ {{ end }} + {{ if .OauthWriteAs }} + + {{ end }} + {{ if .OauthGitlab }} + + {{ end }} + {{ if .OauthGeneric }} + + {{ end }} + {{ end }} + {{ else }} {{if .Flashes}}{{end}} @@ -101,6 +122,7 @@ form dd { + {{end}} {{ else }}

Registration is currently closed.

You can always sign up on another instance.

diff --git a/pages/login.tmpl b/pages/login.tmpl index 88a7b2b..304df3e 100644 --- a/pages/login.tmpl +++ b/pages/login.tmpl @@ -33,12 +33,15 @@ input{margin-bottom:0.5em;} {{ end }} -
-

or

-
-
+ {{if not .DisablePasswordAuth}} +
+

or

+
+
+ {{end}} {{ end }} +{{if not .DisablePasswordAuth}}


@@ -48,11 +51,12 @@ input{margin-bottom:0.5em;} {{if and (not .SingleUser) .OpenRegistration}}

{{if .Message}}{{.Message}}{{else}}No account yet? Sign up to start a blog.{{end}}

{{end}} - + + {{end}} {{end}} diff --git a/templates/user/settings.tmpl b/templates/user/settings.tmpl index dbffe4d..af25a29 100644 --- a/templates/user/settings.tmpl +++ b/templates/user/settings.tmpl @@ -41,6 +41,7 @@ h3 { font-weight: normal; }
{{ end }} + {{if not .DisablePasswordAuth}}
@@ -72,6 +73,7 @@ h3 { font-weight: normal; }
+ {{end}} {{ if .OauthSection }}