refactor(config): make oidc_auto_register and allow_local_auth optional
This commit is contained in:
parent
e367f4908a
commit
1a7e6d7fa9
|
|
@ -33,10 +33,10 @@ pub struct Config {
|
||||||
pub oidc_client_secret: Option<String>,
|
pub oidc_client_secret: Option<String>,
|
||||||
pub oidc_issuer_url: Option<String>,
|
pub oidc_issuer_url: Option<String>,
|
||||||
pub oidc_redirect_uri: Option<String>,
|
pub oidc_redirect_uri: Option<String>,
|
||||||
pub oidc_auto_register: bool,
|
pub oidc_auto_register: Option<bool>,
|
||||||
|
|
||||||
// Authentication Configuration
|
// Authentication Configuration
|
||||||
pub allow_local_auth: bool,
|
pub allow_local_auth: Option<bool>,
|
||||||
|
|
||||||
// S3 Configuration
|
// S3 Configuration
|
||||||
pub s3_enabled: bool,
|
pub s3_enabled: bool,
|
||||||
|
|
@ -417,16 +417,20 @@ impl Config {
|
||||||
Ok(val) => match val.to_lowercase().as_str() {
|
Ok(val) => match val.to_lowercase().as_str() {
|
||||||
"true" | "1" | "yes" | "on" => {
|
"true" | "1" | "yes" | "on" => {
|
||||||
println!("✅ OIDC_AUTO_REGISTER: true (loaded from env)");
|
println!("✅ OIDC_AUTO_REGISTER: true (loaded from env)");
|
||||||
true
|
Some(true)
|
||||||
|
}
|
||||||
|
"false" | "0" | "no" | "off" => {
|
||||||
|
println!("✅ OIDC_AUTO_REGISTER: false (loaded from env)");
|
||||||
|
Some(false)
|
||||||
}
|
}
|
||||||
_ => {
|
_ => {
|
||||||
println!("✅ OIDC_AUTO_REGISTER: false (loaded from env)");
|
println!("⚠️ OIDC_AUTO_REGISTER: Invalid value '{}', using default (false)", val);
|
||||||
false
|
None
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
Err(_) => {
|
Err(_) => {
|
||||||
println!("⚠️ OIDC_AUTO_REGISTER: true (using default - env var not set)");
|
println!("⚠️ OIDC_AUTO_REGISTER: Not set, will use default (false)");
|
||||||
true // Default to true for convenience
|
None
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
||||||
|
|
@ -435,20 +439,20 @@ impl Config {
|
||||||
Ok(val) => match val.to_lowercase().as_str() {
|
Ok(val) => match val.to_lowercase().as_str() {
|
||||||
"true" | "1" | "yes" | "on" => {
|
"true" | "1" | "yes" | "on" => {
|
||||||
println!("✅ ALLOW_LOCAL_AUTH: true (loaded from env)");
|
println!("✅ ALLOW_LOCAL_AUTH: true (loaded from env)");
|
||||||
true
|
Some(true)
|
||||||
}
|
}
|
||||||
"false" | "0" | "no" | "off" => {
|
"false" | "0" | "no" | "off" => {
|
||||||
println!("✅ ALLOW_LOCAL_AUTH: false (loaded from env)");
|
println!("✅ ALLOW_LOCAL_AUTH: false (loaded from env)");
|
||||||
false
|
Some(false)
|
||||||
}
|
}
|
||||||
_ => {
|
_ => {
|
||||||
println!("⚠️ ALLOW_LOCAL_AUTH: Invalid value '{}', defaulting to true", val);
|
println!("⚠️ ALLOW_LOCAL_AUTH: Invalid value '{}', using default (true)", val);
|
||||||
true
|
None
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
Err(_) => {
|
Err(_) => {
|
||||||
println!("⚠️ ALLOW_LOCAL_AUTH: true (using default - env var not set)");
|
println!("⚠️ ALLOW_LOCAL_AUTH: Not set, will use default (true)");
|
||||||
true // Default to true for backward compatibility
|
None
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
||||||
|
|
@ -565,7 +569,7 @@ impl Config {
|
||||||
// OIDC validation
|
// OIDC validation
|
||||||
if config.oidc_enabled {
|
if config.oidc_enabled {
|
||||||
println!("🔐 OIDC is enabled");
|
println!("🔐 OIDC is enabled");
|
||||||
println!("🔓 OIDC auto-registration: {}", config.oidc_auto_register);
|
println!("🔓 OIDC auto-registration: {}", config.oidc_auto_register.unwrap_or(false));
|
||||||
if config.oidc_client_id.is_none() {
|
if config.oidc_client_id.is_none() {
|
||||||
println!("❌ OIDC_CLIENT_ID is required when OIDC is enabled");
|
println!("❌ OIDC_CLIENT_ID is required when OIDC is enabled");
|
||||||
}
|
}
|
||||||
|
|
@ -583,10 +587,11 @@ impl Config {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Authentication method validation
|
// Authentication method validation
|
||||||
|
let allow_local_auth = config.allow_local_auth.unwrap_or(true);
|
||||||
println!("🔑 Local authentication (username/password): {}",
|
println!("🔑 Local authentication (username/password): {}",
|
||||||
if config.allow_local_auth { "enabled" } else { "disabled" });
|
if allow_local_auth { "enabled" } else { "disabled" });
|
||||||
|
|
||||||
if !config.oidc_enabled && !config.allow_local_auth {
|
if !config.oidc_enabled && !allow_local_auth {
|
||||||
println!("❌ WARNING: Both OIDC and local authentication are disabled!");
|
println!("❌ WARNING: Both OIDC and local authentication are disabled!");
|
||||||
println!(" You will not be able to log in. Enable at least one authentication method.");
|
println!(" You will not be able to log in. Enable at least one authentication method.");
|
||||||
return Err(anyhow::anyhow!(
|
return Err(anyhow::anyhow!(
|
||||||
|
|
|
||||||
|
|
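Review bot: The fallback for each new Option<bool> is now chosen at every read site instead of once in Config — `unwrap_or(false)` for oidc_auto_register in the validation print and `unwrap_or(true)` in the new `let allow_local_auth` binding, with the same literals repeated in the register, login and oidc_callback handlers — so the loader's messages ("using default (false)" / "using default (true)") describe a default the loader itself no longer applies, and one divergent literal at a call site would silently change who may log in or auto-register. Note also that the unset case for OIDC_AUTO_REGISTER previously evaluated to `true // Default to true for convenience` and now resolves to false through the call sites, which is a policy change the title "refactor" does not announce. I would keep the fallback in one place with accessors on Config, `pub fn allow_local_auth(&self) -> bool { self.allow_local_auth.unwrap_or(true) }` and `pub fn oidc_auto_register(&self) -> bool { self.oidc_auto_register.unwrap_or(false) }`, and have the validation block and the handlers call those. The env-loading and validation functions both start and end outside the hunks shown here.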
@ -41,7 +41,7 @@ async fn register(
|
||||||
Json(user_data): Json<CreateUser>,
|
Json(user_data): Json<CreateUser>,
|
||||||
) -> Response {
|
) -> Response {
|
||||||
// Check if local authentication is enabled
|
// Check if local authentication is enabled
|
||||||
if !state.config.allow_local_auth {
|
if !state.config.allow_local_auth.unwrap_or(true) {
|
||||||
tracing::warn!("Local registration attempt rejected - local auth is disabled");
|
tracing::warn!("Local registration attempt rejected - local auth is disabled");
|
||||||
return (
|
return (
|
||||||
StatusCode::FORBIDDEN,
|
StatusCode::FORBIDDEN,
|
||||||
|
|
@ -98,7 +98,7 @@ async fn login(
|
||||||
Json(login_data): Json<LoginRequest>,
|
Json(login_data): Json<LoginRequest>,
|
||||||
) -> Result<Json<LoginResponse>, StatusCode> {
|
) -> Result<Json<LoginResponse>, StatusCode> {
|
||||||
// Check if local authentication is enabled
|
// Check if local authentication is enabled
|
||||||
if !state.config.allow_local_auth {
|
if !state.config.allow_local_auth.unwrap_or(true) {
|
||||||
tracing::warn!("Local authentication attempt rejected - local auth is disabled");
|
tracing::warn!("Local authentication attempt rejected - local auth is disabled");
|
||||||
return Err(StatusCode::FORBIDDEN);
|
return Err(StatusCode::FORBIDDEN);
|
||||||
}
|
}
|
||||||
|
|
@ -268,7 +268,7 @@ async fn oidc_callback(
|
||||||
},
|
},
|
||||||
Ok(None) => {
|
Ok(None) => {
|
||||||
// No existing user with this email
|
// No existing user with this email
|
||||||
if state.config.oidc_auto_register {
|
if state.config.oidc_auto_register.unwrap_or(false) {
|
||||||
// Auto-registration is enabled, create new OIDC user
|
// Auto-registration is enabled, create new OIDC user
|
||||||
tracing::debug!("No existing user with this email, creating new OIDC user (auto-registration enabled)");
|
tracing::debug!("No existing user with this email, creating new OIDC user (auto-registration enabled)");
|
||||||
create_new_oidc_user(
|
create_new_oidc_user(
|
||||||
|
|
@ -293,7 +293,7 @@ async fn oidc_callback(
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// No email provided by OIDC provider
|
// No email provided by OIDC provider
|
||||||
if state.config.oidc_auto_register {
|
if state.config.oidc_auto_register.unwrap_or(false) {
|
||||||
// Auto-registration is enabled, create new user without email sync
|
// Auto-registration is enabled, create new user without email sync
|
||||||
tracing::debug!("No email provided by OIDC, creating new user (auto-registration enabled)");
|
tracing::debug!("No email provided by OIDC, creating new user (auto-registration enabled)");
|
||||||
create_new_oidc_user(
|
create_new_oidc_user(
|
||||||
|
|
|
||||||
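Review bot: The comment `// Check if local authentication is enabled` above the changed condition in register and login no longer says what an absent setting means, even though the new `.unwrap_or(true)` makes "unset" behave as "enabled" for the only check that gates local credentials; I would extend it to `// Check if local authentication is enabled (unset means enabled)`. The two oidc_callback sites deserve the mirror remark, `// Auto-registration is enabled (unset means disabled), create new OIDC user`, so the fail-closed default is visible where it is relied on. Each of these functions starts and ends outside its hunk.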