feat: setting to hide password login

docs/docs/documentation/getting-started/authentication/oidc-v2.md

@@ -52,6 +52,8 @@ Before you can start using OIDC Authentication, you must first configure a new c
 
 Take the client id and your discovery URL and update your environment variables to include the required OIDC variables described in [Installation - Backend Configuration](../installation/backend-config.md#openid-connect-oidc).
 
+You might also want to set ALLOW_PASSWORD_LOGIN to false, to hide the username+password inputs, if you want to allow logins only via OIDC.
+
 ### Groups
 
 There are two (optional) [environment variables](../installation/backend-config.md#openid-connect-oidc) that can control which of the users in your IdP can log in to Mealie and what permissions they will have. Keep in mind that these groups **do not necessarily correspond to groups in Mealie**. The groups claim is configurable via the `OIDC_GROUPS_CLAIM` environment variable. The groups should be **defined in your IdP** and be returned in the configured claim value.

docs/docs/documentation/getting-started/installation/backend-config.md

@@ -16,6 +16,7 @@
 | API_DOCS                      |         True          | Turns on/off access to the API documentation locally                                               |
 | TZ                            |          UTC          | Must be set to get correct date/time on the server                                                 |
 | ALLOW_SIGNUP<super>\*</super> |         false         | Allow user sign-up without token                                                                   |
+| ALLOW_PASSWORD_LOGIN          |         true          | Whether or not to display the username+password input fields. Keep set to true unless you use OIDC authentication |
 | LOG_CONFIG_OVERRIDE           |                       | Override the config for logging with a custom path                                                 |
 | LOG_LEVEL                     |         info          | Logging level (e.g. critical, error, warning, info, debug)                                         |
 | DAILY_SCHEDULE_TIME           |         23:45         | The time of day to run daily server tasks, in HH:MM format. Use the server's local time, *not* UTC |

frontend/lib/api/types/admin.ts

@@ -10,6 +10,7 @@ export interface AdminAboutInfo {
   version: string;
   demoStatus: boolean;
   allowSignup: boolean;
+  allowPasswordLogin: boolean;
   defaultGroupSlug?: string | null;
   defaultHouseholdSlug?: string | null;
   enableOidc: boolean;
@@ -41,6 +42,7 @@ export interface AppInfo {
   version: string;
   demoStatus: boolean;
   allowSignup: boolean;
+  allowPasswordLogin: boolean;
   defaultGroupSlug?: string | null;
   defaultHouseholdSlug?: string | null;
   enableOidc: boolean;

frontend/pages/login.vue

@@ -39,6 +39,7 @@
       <v-card-text>
         <v-form @submit.prevent="authenticate">
           <v-text-field
+            v-if="allowPasswordLogin"
             v-model="form.email"
             :prepend-inner-icon="$globals.icons.email"
             filled
@@ -51,6 +52,7 @@
             type="text"
           />
           <v-text-field
+            v-if="allowPasswordLogin"
             id="password"
             v-model="form.password"
             :prepend-inner-icon="$globals.icons.lock"
@@ -65,7 +67,7 @@
             @click:append="togglePasswordShow"
           />
           <v-checkbox v-model="form.remember" class="ml-2 mt-n2" :label="$t('user.remember-me')"></v-checkbox>
-          <v-card-actions class="justify-center pt-0">
+          <v-card-actions v-if="allowPasswordLogin" class="justify-center pt-0">
             <div class="max-button">
               <v-btn :loading="loggingIn" :disabled="oidcLoggingIn" color="primary" type="submit" large rounded class="rounded-xl" block>
                 {{ $t("user.login") }}
@@ -191,7 +193,9 @@ export default defineComponent({
     const allowSignup = computed(() => appInfo.value?.allowSignup || false);
     const allowOidc = computed(() => appInfo.value?.enableOidc || false);
     const oidcRedirect = computed(() => appInfo.value?.oidcRedirect || false);
-    const oidcProviderName = computed(() => appInfo.value?.oidcProviderName || "OAuth")
+    const oidcProviderName = computed(() => appInfo.value?.oidcProviderName || "OAuth");
+    const allowPasswordLogin = computed(() => appInfo.value?.allowPasswordLogin ?? true);
+
 
     whenever(
         () => allowOidc.value && oidcRedirect.value && !isCallback() && !isDirectLogin() && !$auth.check().valid,
@@ -271,6 +275,7 @@ export default defineComponent({
       form,
       loggingIn,
       allowSignup,
+      allowPasswordLogin,
       allowOidc,
       authenticate,
       oidcAuthenticate,

mealie/core/settings/settings.py

@@ -128,6 +128,7 @@ class AppSettings(AppLoggingSettings):
     GIT_COMMIT_HASH: str = "unknown"
 
     ALLOW_SIGNUP: bool = False
+    ALLOW_PASSWORD_LOGIN: bool = True
 
     DAILY_SCHEDULE_TIME: str = "23:45"
     """Local server time, in HH:MM format. See `DAILY_SCHEDULE_TIME_UTC` for the parsed UTC equivalent"""

mealie/routes/admin/admin_about.py

@@ -29,6 +29,7 @@ def get_app_info(self):
             default_group=settings.DEFAULT_GROUP,
             default_household=settings.DEFAULT_HOUSEHOLD,
             allow_signup=settings.ALLOW_SIGNUP,
+            allow_password_login=settings.ALLOW_PASSWORD_LOGIN,
             build_id=settings.GIT_COMMIT_HASH,
             recipe_scraper_version=recipe_scraper_version.__version__,
             enable_oidc=settings.OIDC_AUTH_ENABLED,

mealie/routes/app/app_about.py

@@ -43,6 +43,7 @@ def get_app_info(session: Session = Depends(generate_session)):
         oidc_provider_name=settings.OIDC_PROVIDER_NAME,
         enable_openai=settings.OPENAI_ENABLED,
         enable_openai_image_services=settings.OPENAI_ENABLED and settings.OPENAI_ENABLE_IMAGE_SERVICES,
+        allow_password_login=settings.ALLOW_PASSWORD_LOGIN,
     )
 
 

mealie/schema/admin/about.py

@@ -15,6 +15,7 @@ class AppInfo(MealieModel):
     version: str
     demo_status: bool
     allow_signup: bool
+    allow_password_login: bool
     default_group_slug: str | None = None
     default_household_slug: str | None = None
     enable_oidc: bool