refactor(config): make oidc_auto_register and allow_local_auth optional
parent
e367f4908a
commit
1a7e6d7fa9
|
|
@ -33,10 +33,10 @@ pub struct Config {
|
|||
pub oidc_client_secret: Option<String>,
|
||||
pub oidc_issuer_url: Option<String>,
|
||||
pub oidc_redirect_uri: Option<String>,
|
||||
pub oidc_auto_register: bool,
|
||||
pub oidc_auto_register: Option<bool>,
|
||||
|
||||
// Authentication Configuration
|
||||
pub allow_local_auth: bool,
|
||||
pub allow_local_auth: Option<bool>,
|
||||
|
||||
// S3 Configuration
|
||||
pub s3_enabled: bool,
|
||||
|
|
@ -417,16 +417,20 @@ impl Config {
|
|||
Ok(val) => match val.to_lowercase().as_str() {
|
||||
"true" | "1" | "yes" | "on" => {
|
||||
println!("✅ OIDC_AUTO_REGISTER: true (loaded from env)");
|
||||
true
|
||||
Some(true)
|
||||
}
|
||||
"false" | "0" | "no" | "off" => {
|
||||
println!("✅ OIDC_AUTO_REGISTER: false (loaded from env)");
|
||||
Some(false)
|
||||
}
|
||||
_ => {
|
||||
println!("✅ OIDC_AUTO_REGISTER: false (loaded from env)");
|
||||
false
|
||||
println!("⚠️ OIDC_AUTO_REGISTER: Invalid value '{}', using default (false)", val);
|
||||
None
|
||||
}
|
||||
},
|
||||
Err(_) => {
|
||||
println!("⚠️ OIDC_AUTO_REGISTER: true (using default - env var not set)");
|
||||
true // Default to true for convenience
|
||||
println!("⚠️ OIDC_AUTO_REGISTER: Not set, will use default (false)");
|
||||
None
|
||||
}
|
||||
},
|
||||
|
||||
|
|
@ -435,20 +439,20 @@ impl Config {
|
|||
Ok(val) => match val.to_lowercase().as_str() {
|
||||
"true" | "1" | "yes" | "on" => {
|
||||
println!("✅ ALLOW_LOCAL_AUTH: true (loaded from env)");
|
||||
true
|
||||
Some(true)
|
||||
}
|
||||
"false" | "0" | "no" | "off" => {
|
||||
println!("✅ ALLOW_LOCAL_AUTH: false (loaded from env)");
|
||||
false
|
||||
Some(false)
|
||||
}
|
||||
_ => {
|
||||
println!("⚠️ ALLOW_LOCAL_AUTH: Invalid value '{}', defaulting to true", val);
|
||||
true
|
||||
println!("⚠️ ALLOW_LOCAL_AUTH: Invalid value '{}', using default (true)", val);
|
||||
None
|
||||
}
|
||||
},
|
||||
Err(_) => {
|
||||
println!("⚠️ ALLOW_LOCAL_AUTH: true (using default - env var not set)");
|
||||
true // Default to true for backward compatibility
|
||||
println!("⚠️ ALLOW_LOCAL_AUTH: Not set, will use default (true)");
|
||||
None
|
||||
}
|
||||
},
|
||||
|
||||
|
|
@ -565,7 +569,7 @@ impl Config {
|
|||
// OIDC validation
|
||||
if config.oidc_enabled {
|
||||
println!("🔐 OIDC is enabled");
|
||||
println!("🔓 OIDC auto-registration: {}", config.oidc_auto_register);
|
||||
println!("🔓 OIDC auto-registration: {}", config.oidc_auto_register.unwrap_or(false));
|
||||
if config.oidc_client_id.is_none() {
|
||||
println!("❌ OIDC_CLIENT_ID is required when OIDC is enabled");
|
||||
}
|
||||
|
|
@ -583,10 +587,11 @@ impl Config {
|
|||
}
|
||||
|
||||
// Authentication method validation
|
||||
let allow_local_auth = config.allow_local_auth.unwrap_or(true);
|
||||
println!("🔑 Local authentication (username/password): {}",
|
||||
if config.allow_local_auth { "enabled" } else { "disabled" });
|
||||
if allow_local_auth { "enabled" } else { "disabled" });
|
||||
|
||||
if !config.oidc_enabled && !config.allow_local_auth {
|
||||
if !config.oidc_enabled && !allow_local_auth {
|
||||
println!("❌ WARNING: Both OIDC and local authentication are disabled!");
|
||||
println!(" You will not be able to log in. Enable at least one authentication method.");
|
||||
return Err(anyhow::anyhow!(
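Review bot: An unrecognised ALLOW_LOCAL_AUTH value still fails open: the `_ =>` arm prints a warning and yields `None`, which the validation code and the handlers resolve with `unwrap_or(true)`. A mistyped "false" therefore leaves password login enabled on a deployment whose operator meant to turn it off, and a startup `println!` is easy to miss. For a switch that gates an authentication method, rejecting the value at load time is safer, e.g. `_ => return Err(anyhow::anyhow!("ALLOW_LOCAL_AUTH: invalid value '{}'", val)),`. That assumes this loader returns the same anyhow `Result` as the validation code at the end of the section; its signature is outside the hunks. OIDC_AUTO_REGISTER is not affected in the same way, because its fallback is `false`.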
|
||||
|
|
|
|||
|
|
@ -41,7 +41,7 @@ async fn register(
|
|||
Json(user_data): Json<CreateUser>,
|
||||
) -> Response {
|
||||
// Check if local authentication is enabled
|
||||
if !state.config.allow_local_auth {
|
||||
if !state.config.allow_local_auth.unwrap_or(true) {
|
||||
tracing::warn!("Local registration attempt rejected - local auth is disabled");
|
||||
return (
|
||||
StatusCode::FORBIDDEN,
|
||||
|
|
@ -98,7 +98,7 @@ async fn login(
|
|||
Json(login_data): Json<LoginRequest>,
|
||||
) -> Result<Json<LoginResponse>, StatusCode> {
|
||||
// Check if local authentication is enabled
|
||||
if !state.config.allow_local_auth {
|
||||
if !state.config.allow_local_auth.unwrap_or(true) {
|
||||
tracing::warn!("Local authentication attempt rejected - local auth is disabled");
|
||||
return Err(StatusCode::FORBIDDEN);
|
||||
}
|
||||
|
|
@ -268,7 +268,7 @@ async fn oidc_callback(
|
|||
},
|
||||
Ok(None) => {
|
||||
// No existing user with this email
|
||||
if state.config.oidc_auto_register {
|
||||
if state.config.oidc_auto_register.unwrap_or(false) {
|
||||
// Auto-registration is enabled, create new OIDC user
|
||||
tracing::debug!("No existing user with this email, creating new OIDC user (auto-registration enabled)");
|
||||
create_new_oidc_user(
|
||||
|
|
@ -293,7 +293,7 @@ async fn oidc_callback(
|
|||
}
|
||||
} else {
|
||||
// No email provided by OIDC provider
|
||||
if state.config.oidc_auto_register {
|
||||
if state.config.oidc_auto_register.unwrap_or(false) {
|
||||
// Auto-registration is enabled, create new user without email sync
|
||||
tracing::debug!("No email provided by OIDC, creating new user (auto-registration enabled)");
|
||||
create_new_oidc_user(
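Review bot: The fallback for each optional flag is now repeated at every call site: `unwrap_or(true)` in `register` and `login`, and `unwrap_or(false)` twice in `oidc_callback`. The effective authentication policy is therefore spread over four handler lines plus the validation code in `Config`, and a later handler that picks a different fallback (or `unwrap_or_default()`, which is `false` for both flags) would silently disagree with the rest. Consider accessors on `Config`, e.g. `pub fn local_auth_allowed(&self) -> bool { self.allow_local_auth.unwrap_or(true) }` and `pub fn oidc_auto_register_enabled(&self) -> bool { self.oidc_auto_register.unwrap_or(false) }`, and call those here. Separately, with OIDC_AUTO_REGISTER unset the removed loader branch appears to have returned `true`, while this path now evaluates to `false`; that is the safer default, but it is a behaviour change that a commit titled "refactor" should state. The handler bodies continue outside these hunks.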
|
||||
|
|
|
|||