From 1a7e6d7fa91f61aa673c8974bc92cb8bf459d8ad Mon Sep 17 00:00:00 2001
From: aaldebs99
Date: Sat, 11 Oct 2025 19:07:18 +0000
Subject: [PATCH] refactor(config): make oidc_auto_register and allow_local_auth optional
---
 src/config.rs | 37 +++++++++++++++++++++----------------
 src/routes/auth.rs | 8 ++++----
 2 files changed, 25 insertions(+), 20 deletions(-)
diff --git a/src/config.rs b/src/config.rs
index 3689f6b..266fdcc 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -33,10 +33,10 @@ pub struct Config {
 pub oidc_client_secret: Option,
 pub oidc_issuer_url: Option,
 pub oidc_redirect_uri: Option,
- pub oidc_auto_register: bool,
+ pub oidc_auto_register: Option,
 // Authentication Configuration
- pub allow_local_auth: bool,
+ pub allow_local_auth: Option,
 // S3 Configuration
 pub s3_enabled: bool,
@@ -417,16 +417,20 @@ impl Config {
 Ok(val) => match val.to_lowercase().as_str() {
 "true" | "1" | "yes" | "on" => {
 println!("✅ OIDC_AUTO_REGISTER: true (loaded from env)");
- true
+ Some(true)
+ }
+ "false" | "0" | "no" | "off" => {
+ println!("✅ OIDC_AUTO_REGISTER: false (loaded from env)");
+ Some(false)
 }
 _ => {
- println!("✅ OIDC_AUTO_REGISTER: false (loaded from env)");
- false
+ println!("⚠️ OIDC_AUTO_REGISTER: Invalid value '{}', using default (false)", val);
+ None
 }
 },
 Err(_) => {
- println!("⚠️ OIDC_AUTO_REGISTER: true (using default - env var not set)");
- true // Default to true for convenience
+ println!("⚠️ OIDC_AUTO_REGISTER: Not set, will use default (false)");
+ None
 }
 },
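Review bot: In the `pub struct Config` hunk, turning `oidc_auto_register` and `allow_local_auth` into `Option` fields moves the security default out of `Config` and into every reader, which now has to remember `unwrap_or(false)` or `unwrap_or(true)` respectively. This patch already has six such readers: the `@@ -565` and `@@ -583` validation hunks in src/config.rs and the four handler hunks in src/routes/auth.rs. A later call site that picks the wrong fallback, for example `unwrap_or_default()` on `allow_local_auth`, would silently disagree with the rest. I would keep each default in one place with accessors such as `pub fn local_auth_allowed(&self) -> bool { self.allow_local_auth.unwrap_or(true) }` plus an equivalent for auto-registration, and have the handlers call those. The type parameter is not visible on this page; the note assumes `Option<bool>`.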
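Review bot: In the `@@ -417` hunk the `Err(_)` arm changes the effective value of an unset `OIDC_AUTO_REGISTER`: the removed line returned `true`, while the new `None` is resolved with `unwrap_or(false)` by every reader visible in this patch. That is the safer default, but it is a behaviour change inside a commit titled as a refactor, and deployments that relied on the implicit default will no longer have accounts created for first-time OIDC users after upgrading. I would say so in the commit description and leave a comment on the arm, e.g. `// Default changed from true to false: unset no longer auto-provisions OIDC users`. The enclosing match and function start and end outside the hunk.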
@@ -435,20 +439,20 @@ impl Config {
 Ok(val) => match val.to_lowercase().as_str() {
 "true" | "1" | "yes" | "on" => {
 println!("✅ ALLOW_LOCAL_AUTH: true (loaded from env)");
- true
+ Some(true)
 }
 "false" | "0" | "no" | "off" => {
 println!("✅ ALLOW_LOCAL_AUTH: false (loaded from env)");
- false
+ Some(false)
 }
 _ => {
- println!("⚠️ ALLOW_LOCAL_AUTH: Invalid value '{}', defaulting to true", val);
- true
+ println!("⚠️ ALLOW_LOCAL_AUTH: Invalid value '{}', using default (true)", val);
+ None
 }
 },
 Err(_) => {
- println!("⚠️ ALLOW_LOCAL_AUTH: true (using default - env var not set)");
- true // Default to true for backward compatibility
+ println!("⚠️ ALLOW_LOCAL_AUTH: Not set, will use default (true)");
+ None
 }
 },
@@ -565,7 +569,7 @@ impl Config {
 // OIDC validation
 if config.oidc_enabled {
 println!("🔐 OIDC is enabled");
- println!("🔓 OIDC auto-registration: {}", config.oidc_auto_register);
+ println!("🔓 OIDC auto-registration: {}", config.oidc_auto_register.unwrap_or(false));
 if config.oidc_client_id.is_none() {
 println!("❌ OIDC_CLIENT_ID is required when OIDC is enabled");
 }
@@ -583,10 +587,11 @@ impl Config {
 }
 // Authentication method validation
+ let allow_local_auth = config.allow_local_auth.unwrap_or(true);
 println!("🔑 Local authentication (username/password): {}",
- if config.allow_local_auth { "enabled" } else { "disabled" });
+ if allow_local_auth { "enabled" } else { "disabled" });
- if !config.oidc_enabled && !config.allow_local_auth {
+ if !config.oidc_enabled && !allow_local_auth {
 println!("❌ WARNING: Both OIDC and local authentication are disabled!");
 println!(" You will not be able to log in. Enable at least one authentication method.");
 return Err(anyhow::anyhow!(
diff --git a/src/routes/auth.rs b/src/routes/auth.rs
index f050c63..9f41e84 100644
--- a/src/routes/auth.rs
+++ b/src/routes/auth.rs
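Review bot: In the `@@ -435` hunk of src/config.rs the `_ =>` arm for `ALLOW_LOCAL_AUTH` still fails open: an unrecognised value, such as a typo made while trying to turn password login off, yields `None`, which the readers in this patch resolve to `true`, so local registration and login stay enabled with only a startup `println!` to show for it. For a switch that gates an authentication method I would reject the value instead of falling back to the permissive setting, e.g. `anyhow::bail!("ALLOW_LOCAL_AUTH: invalid value '{}'", val)` in that arm. Whether the enclosing function can return an error is not visible here, since the match starts and ends outside the hunk; the `anyhow::anyhow!` call in the `@@ -583` hunk suggests the crate is available. The matching arm for `OIDC_AUTO_REGISTER` in the `@@ -417` hunk falls back to the restrictive value and is less of a concern.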
@@ -41,7 +41,7 @@ async fn register( Json(user_data): Json, ) -> Response { // Check if local authentication is enabled - if !state.config.allow_local_auth { + if !state.config.allow_local_auth.unwrap_or(true) { tracing::warn!("Local registration attempt rejected - local auth is disabled"); return ( StatusCode::FORBIDDEN, @@ -98,7 +98,7 @@ async fn login( Json(login_data): Json, ) -> Result, StatusCode> { // Check if local authentication is enabled - if !state.config.allow_local_auth { + if !state.config.allow_local_auth.unwrap_or(true) { tracing::warn!("Local authentication attempt rejected - local auth is disabled"); return Err(StatusCode::FORBIDDEN); } @@ -268,7 +268,7 @@ async fn oidc_callback( }, Ok(None) => { // No existing user with this email - if state.config.oidc_auto_register { + if state.config.oidc_auto_register.unwrap_or(false) { // Auto-registration is enabled, create new OIDC user tracing::debug!("No existing user with this email, creating new OIDC user (auto-registration enabled)"); create_new_oidc_user( @@ -293,7 +293,7 @@ async fn oidc_callback( } } else { // No email provided by OIDC provider - if state.config.oidc_auto_register { + if state.config.oidc_auto_register.unwrap_or(false) { // Auto-registration is enabled, create new user without email sync tracing::debug!("No email provided by OIDC, creating new user (auto-registration enabled)"); create_new_oidc_user(