feature: Allow to disable default password login after SSO is configured. Fixes #406 (#502)

* [Feature Request] Allow to disable default password log in after SSO is configured #406 changed the flag to also disallow logging in via password The extensions will also no longer be allowed to log in via username/password then * [Feature Request] Allow to disable default password log in after SSO is configured #406 added the error message for OAuth
author: kamtschatka <simon.schatka@gmx.at> 2024-10-12 15:27:21 +0200
committer: GitHub <noreply@github.com> 2024-10-12 14:27:21 +0100
commit: 9f87207d668fbe0a2039c63803128fbe5916f993 (patch)
tree: 08e1fff219e204258ebbf1732ddf22bff145714d /packages/trpc/auth.ts
parent: 02a5b35a30845268cfaa814bb045d0ec800dc538 (diff)
download: karakeep-9f87207d668fbe0a2039c63803128fbe5916f993.tar.zst
1 files changed, 4 insertions, 0 deletions
diff --git a/packages/trpc/auth.ts b/packages/trpc/auth.ts
index 846c07b6..39aebd3b 100644
--- a/packages/trpc/auth.ts
+++ b/packages/trpc/auth.ts
@@ -3,6 +3,7 @@ import * as bcrypt from "bcryptjs";
 
 import { db } from "@hoarder/db";
 import { apiKeys } from "@hoarder/db/schema";
+import serverConfig from "@hoarder/shared/config";
 
 // API Keys
 
@@ -79,6 +80,9 @@ export async function hashPassword(password: string) {
 }
 
 export async function validatePassword(email: string, password: string) {
+  if (serverConfig.auth.disablePasswordAuth) {
+    throw new Error("Password authentication is currently disabled");
+  }
   const user = await db.query.users.findFirst({
     where: (u, { eq }) => eq(u.email, email),
   });
author	kamtschatka <simon.schatka@gmx.at>	2024-10-12 15:27:21 +0200
committer	GitHub <noreply@github.com>	2024-10-12 14:27:21 +0100
commit	9f87207d668fbe0a2039c63803128fbe5916f993 (patch)
tree	08e1fff219e204258ebbf1732ddf22bff145714d /packages/trpc/auth.ts
parent	02a5b35a30845268cfaa814bb045d0ec800dc538 (diff)
download	karakeep-9f87207d668fbe0a2039c63803128fbe5916f993.tar.zst