feat: setting to force oauth2/oidc login & refactor #1131

Merged
merged 2 commits into from
Dec 10, 2024

kpodp0ra (Collaborator) commented Dec 3, 2024

This change does not affect normal installations by default. However, by setting PASSWORD_LOGIN_DISABLED=true, all endpoints related to password-based login can be disabled.

This feature is intended for scenarios where you want users to authenticate exclusively through OIDC or other OAuth2 providers, ensuring centralized password management and enabling features like obligatory two-factor authentication. Disabling endpoints also prevents users from bypassing OAuth by setting their own passwords.

If there is only one OAuth provider configured, the program will automatically redirect users to it during login. If multiple OAuth providers are configured, the normal table page will appear, but the login form will be hidden.

login page with oauth buttons

@boris-w boris-w added the preview This issue is already ready for preview label Dec 3, 2024
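
An added illustration of the behaviour described in the PR description above (not code from this pull request or from the Teable code base): a server-side gate for password endpoints plus the login-view decision. The route paths, the 403 status, the function names, the Express-style path normalisation and the zero-provider check are assumptions of this sketch.

```typescript
// Added illustration: route paths, status code and function names are hypothetical,
// not taken from the Teable code base.
type Env = Record<string, string | undefined>;
type LoginView =
  | { kind: 'redirect'; to: string }
  | { kind: 'page'; showPasswordForm: boolean; providers: string[] };

// Assumption: only the value "true" (any case, trimmed) turns the setting on.
function passwordLoginDisabled(env: Env): boolean {
  return (env['PASSWORD_LOGIN_DISABLED'] ?? '').trim().toLowerCase() === 'true';
}

// Hypothetical password endpoints; signout is deliberately absent so that
// OAuth-only sessions can still be ended.
const PASSWORD_ROUTES = new Set<string>([
  'POST /auth/signin',
  'POST /auth/signup',
  'PATCH /auth/change-password',
  'POST /auth/reset-password',
]);

// Normalise the way an Express-style router matches by default (case-insensitive,
// trailing slash ignored, query string not part of the route), so the gate
// cannot be sidestepped with "/Auth/SignIn/?x=1".
function routeKey(method: string, url: string): string {
  const path = (url.split('?')[0] ?? '').replace(/\/+$/, '').toLowerCase();
  return `${method.toUpperCase()} ${path}`;
}

// Server-side enforcement: returns the HTTP status the gate would answer with.
function gateStatus(env: Env, method: string, url: string): number {
  const blocked = passwordLoginDisabled(env) && PASSWORD_ROUTES.has(routeKey(method, url));
  return blocked ? 403 : 200;
}

// Login page behaviour described in the PR, plus a fail-fast check (added here)
// for the lockout case of no password login and no provider.
function resolveLoginView(env: Env, providers: string[]): LoginView {
  const disabled = passwordLoginDisabled(env);
  if (disabled && providers.length === 0) {
    throw new Error('PASSWORD_LOGIN_DISABLED=true requires at least one OAuth provider');
  }
  if (disabled && providers.length === 1) {
    return { kind: 'redirect', to: `/auth/${providers[0]}` };
  }
  return { kind: 'page', showPasswordForm: !disabled, providers };
}
```
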
kpodp0ra (Collaborator, Author) commented Dec 3, 2024

To avoid circular dependencies, I've created SessionService with a .signout() function, as it was used by the global auth controller and also the password one.

```ts
@Post('signout')
@HttpCode(200)
async signout(@Req() req: Express.Request, @Res({ passthrough: true }) res: Response) {
  await this.authService.signout(req);
  res.clearCookie(AUTH_SESSION_COOKIE_NAME);
}
```

```ts
@Patch('/change-password')
async changePassword(
  @Body(new ZodValidationPipe(changePasswordRoSchema)) changePasswordRo: IChangePasswordRo,
  @Req() req: Request,
  @Res({ passthrough: true }) res: Response
) {
  await this.authService.changePassword(changePasswordRo);
  await this.authService.signout(req);
  res.clearCookie(AUTH_SESSION_COOKIE_NAME);
}
```

Tested:

  • login
  • register
  • change password
  • forget password

Everything seems to work.

@kpodp0ra kpodp0ra requested a review from tea-artist December 3, 2024 20:42
@tea-artist tea-artist removed the preview This issue is already ready for preview label Dec 10, 2024
@tea-artist tea-artist requested a review from boris-w December 10, 2024 04:03
@boris-w boris-w merged commit 6067b25 into teableio:develop Dec 10, 2024
11 of 14 checks passed
@kpodp0ra kpodp0ra deleted the disable-login branch December 11, 2024 01:38