From 4e6c8b746b11ed11bea22b0aadee7bfa8cd8dd97 Mon Sep 17 00:00:00 2001
From: Chris Danis
Date: Sat, 25 Jan 2025 19:21:18 +0000
Subject: [PATCH 1/4] feat: setting to hide password login
---
 frontend/lib/api/types/admin.ts | 2 ++
 frontend/pages/login.vue | 9 +++++++--
 mealie/core/settings/settings.py | 1 +
 mealie/routes/app/app_about.py | 1 +
 mealie/schema/admin/about.py | 1 +
 5 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/frontend/lib/api/types/admin.ts b/frontend/lib/api/types/admin.ts
index 69b47c97351..c330d1776fa 100644
--- a/frontend/lib/api/types/admin.ts
+++ b/frontend/lib/api/types/admin.ts
@@ -10,6 +10,7 @@ export interface AdminAboutInfo {
 version: string;
 demoStatus: boolean;
 allowSignup: boolean;
+ allowPasswordLogin: boolean;
 defaultGroupSlug?: string | null;
 defaultHouseholdSlug?: string | null;
 enableOidc: boolean;
@@ -41,6 +42,7 @@ export interface AppInfo {
 version: string;
 demoStatus: boolean;
 allowSignup: boolean;
+ allowPasswordLogin: boolean;
 defaultGroupSlug?: string | null;
 defaultHouseholdSlug?: string | null;
 enableOidc: boolean;
diff --git a/frontend/pages/login.vue b/frontend/pages/login.vue
index 5632baf577a..29b0e631cd8 100644
--- a/frontend/pages/login.vue
+++ b/frontend/pages/login.vue
@@ -39,6 +39,7 @@ - +
{{ $t("user.login") }}
@@ -191,7 +193,9 @@ export default defineComponent({
 const allowSignup = computed(() => appInfo.value?.allowSignup || false);
 const allowOidc = computed(() => appInfo.value?.enableOidc || false);
 const oidcRedirect = computed(() => appInfo.value?.oidcRedirect || false);
- const oidcProviderName = computed(() => appInfo.value?.oidcProviderName || "OAuth")
+ const oidcProviderName = computed(() => appInfo.value?.oidcProviderName || "OAuth");
+ const allowPasswordLogin = computed(() => appInfo.value?.allowPasswordLogin ?? true);
+
 whenever(
 () => allowOidc.value && oidcRedirect.value && !isCallback() && !isDirectLogin() && !$auth.check().valid,
@@ -271,6 +275,7 @@ export default defineComponent({
 form,
 loggingIn,
 allowSignup,
+ allowPasswordLogin,
 allowOidc,
 authenticate,
 oidcAuthenticate,
diff --git a/mealie/core/settings/settings.py b/mealie/core/settings/settings.py
index 7558a29c51b..10e69224b04 100644
--- a/mealie/core/settings/settings.py
+++ b/mealie/core/settings/settings.py
@@ -128,6 +128,7 @@ class AppSettings(AppLoggingSettings):
 GIT_COMMIT_HASH: str = "unknown"
 ALLOW_SIGNUP: bool = False
+ ALLOW_PASSWORD_LOGIN: bool = True
 DAILY_SCHEDULE_TIME: str = "23:45"
 """Local server time, in HH:MM format. See `DAILY_SCHEDULE_TIME_UTC` for the parsed UTC equivalent"""
diff --git a/mealie/routes/app/app_about.py b/mealie/routes/app/app_about.py
index 27c2ac1704f..ae9b8e7aae5 100644
--- a/mealie/routes/app/app_about.py
+++ b/mealie/routes/app/app_about.py
@@ -43,6 +43,7 @@ def get_app_info(session: Session = Depends(generate_session)):
 oidc_provider_name=settings.OIDC_PROVIDER_NAME,
 enable_openai=settings.OPENAI_ENABLED,
 enable_openai_image_services=settings.OPENAI_ENABLED and settings.OPENAI_ENABLE_IMAGE_SERVICES,
+ allow_password_login=settings.ALLOW_PASSWORD_LOGIN,
 )
diff --git a/mealie/schema/admin/about.py b/mealie/schema/admin/about.py
index 0fb4eb73ff9..fdc14da04d8 100644
--- a/mealie/schema/admin/about.py
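Review bot: In the `login.vue` hunk at `-191,7`, the new `allowPasswordLogin` computed does not depend on `allowOidc`, so a deployment with `ALLOW_PASSWORD_LOGIN=false` and OIDC disabled would, as far as this hunk shows, render a login page with no way to sign in. Consider tying the two together, for example `const allowPasswordLogin = computed(() => (appInfo.value?.allowPasswordLogin ?? true) || !allowOidc.value);`, or rejecting that combination when the settings are loaded. The `?? true` fallback also shows the form until `appInfo` resolves, which is fine for a display toggle but is one more reason not to treat this value as an access control. The enclosing component definition starts and ends outside the hunk.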
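Review bot: `ALLOW_PASSWORD_LOGIN` in the `settings.py` hunk is named like an authentication control, but across this series it is only passed to the frontend by `get_app_info` and used to hide the form in `login.vue`; no hunk changes the server-side credential check, so password logins sent directly to the API are presumably still accepted when it is `false`. Operators who set it to get OIDC-only sign-in would not get that guarantee from the backend. Either make the password login path reject requests while the setting is off, or state the limit on the field itself with a docstring such as `"""Only hides the username/password form in the UI; password authentication on the server stays enabled."""`. The `AppSettings` class body continues outside the hunk.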
+++ b/mealie/schema/admin/about.py
@@ -15,6 +15,7 @@ class AppInfo(MealieModel):
 version: str
 demo_status: bool
 allow_signup: bool
+ allow_password_login: bool
 default_group_slug: str | None = None
 default_household_slug: str | None = None
 enable_oidc: bool
From 6c32e6fe0d18ac9146737b42138f62f3a9d95e4d Mon Sep 17 00:00:00 2001
From: Chris Danis
Date: Sat, 25 Jan 2025 14:53:38 -0500
Subject: [PATCH 2/4] docs
---
 .../documentation/getting-started/authentication/oidc-v2.md | 2 ++
 .../getting-started/installation/backend-config.md | 1 +
 2 files changed, 3 insertions(+)
diff --git a/docs/docs/documentation/getting-started/authentication/oidc-v2.md b/docs/docs/documentation/getting-started/authentication/oidc-v2.md
index ee8c3ba9bcb..98abc0397e6 100644
--- a/docs/docs/documentation/getting-started/authentication/oidc-v2.md
+++ b/docs/docs/documentation/getting-started/authentication/oidc-v2.md
@@ -52,6 +52,8 @@ Before you can start using OIDC Authentication, you must first configure a new c
 Take the client id and your discovery URL and update your environment variables to include the required OIDC variables described in [Installation - Backend Configuration](../installation/backend-config.md#openid-connect-oidc).
+You might also want to set ALLOW_PASSWORD_LOGIN to false, to hide the username+password inputs, if you want to allow logins only via OIDC.
+
 ### Groups
 There are two (optional) [environment variables](../installation/backend-config.md#openid-connect-oidc) that can control which of the users in your IdP can log in to Mealie and what permissions they will have. Keep in mind that these groups **do not necessarily correspond to groups in Mealie**. The groups claim is configurable via the `OIDC_GROUPS_CLAIM` environment variable. The groups should be **defined in your IdP** and be returned in the configured claim value.
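Review bot: `allow_password_login: bool` is added to `AppInfo` in `mealie/schema/admin/about.py` as a required field with no default, so every place that constructs `AppInfo` or a subclass has to pass it; patch 4/4 adding it in `admin_about.py` looks like fallout from that. Giving it the same default as the setting, `allow_password_login: bool = True`, would keep existing constructors valid and match the `?? true` fallback used in `login.vue`. The `AppInfo` class body continues outside the hunk.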
diff --git a/docs/docs/documentation/getting-started/installation/backend-config.md b/docs/docs/documentation/getting-started/installation/backend-config.md
index 6884bd6f7d0..0d6c64f6de3 100644
--- a/docs/docs/documentation/getting-started/installation/backend-config.md
+++ b/docs/docs/documentation/getting-started/installation/backend-config.md
@@ -16,6 +16,7 @@
 | API_DOCS | True | Turns on/off access to the API documentation locally |
 | TZ | UTC | Must be set to get correct date/time on the server |
 | ALLOW_SIGNUP\* | false | Allow user sign-up without token |
+| ALLOW_PASSWORD_LOGIN | true | Whether or not to display the username+password input fields |
 | LOG_CONFIG_OVERRIDE | | Override the config for logging with a custom path |
 | LOG_LEVEL | info | Logging level (e.g. critical, error, warning, info, debug) |
 | DAILY_SCHEDULE_TIME | 23:45 | The time of day to run daily server tasks, in HH:MM format. Use the server's local time, *not* UTC |
From c9c226cf66b2b458d7b0ac739facecffd3e8761b Mon Sep 17 00:00:00 2001
From: Chris Danis
Date: Sat, 25 Jan 2025 19:16:51 -0500
Subject: [PATCH 3/4] cr fix: docs tweak
---
 .../getting-started/installation/backend-config.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/docs/documentation/getting-started/installation/backend-config.md b/docs/docs/documentation/getting-started/installation/backend-config.md
index 0d6c64f6de3..9a2a8fc980e 100644
--- a/docs/docs/documentation/getting-started/installation/backend-config.md
+++ b/docs/docs/documentation/getting-started/installation/backend-config.md
@@ -16,7 +16,7 @@
 | API_DOCS | True | Turns on/off access to the API documentation locally |
 | TZ | UTC | Must be set to get correct date/time on the server |
 | ALLOW_SIGNUP\* | false | Allow user sign-up without token |
-| ALLOW_PASSWORD_LOGIN | true | Whether or not to display the username+password input fields |
+| ALLOW_PASSWORD_LOGIN | true | Whether or not to display the username+password input fields. Keep set to true unless you use OIDC authentication |
 | LOG_CONFIG_OVERRIDE | | Override the config for logging with a custom path |
 | LOG_LEVEL | info | Logging level (e.g. critical, error, warning, info, debug) |
 | DAILY_SCHEDULE_TIME | 23:45 | The time of day to run daily server tasks, in HH:MM format. Use the server's local time, *not* UTC |
From 2e1be752e972ff88a32f2d11095e29901e2e02f7 Mon Sep 17 00:00:00 2001
From: Chris Danis
Date: Sat, 25 Jan 2025 19:20:57 -0500
Subject: [PATCH 4/4] fix test
---
 mealie/routes/admin/admin_about.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/mealie/routes/admin/admin_about.py b/mealie/routes/admin/admin_about.py
index e92013bb84a..5986cc4f021 100644
--- a/mealie/routes/admin/admin_about.py
+++ b/mealie/routes/admin/admin_about.py
@@ -29,6 +29,7 @@ def get_app_info(self):
 default_group=settings.DEFAULT_GROUP,
 default_household=settings.DEFAULT_HOUSEHOLD,
 allow_signup=settings.ALLOW_SIGNUP,
+ allow_password_login=settings.ALLOW_PASSWORD_LOGIN,
 build_id=settings.GIT_COMMIT_HASH,
 recipe_scraper_version=recipe_scraper_version.__version__,
 enable_oidc=settings.OIDC_AUTH_ENABLED,