feature: Allow to disable default password login after SSO is configured. Fixes #406 (#502)

* [Feature Request] Allow to disable default password log in after SSO is configured #406
changed the flag to also disallow logging in via password
The extensions will also no longer be allowed to log in via username/password then

* [Feature Request] Allow to disable default password log in after SSO is configured #406
added the error message for OAuth

1 files changed, 8 insertions, 0 deletions

diff --git a/packages/trpc/routers/apiKeys.ts b/packages/trpc/routers/apiKeys.ts
index 81e3bb2b..b7468dd2 100644
--- a/packages/trpc/routers/apiKeys.ts
+++ b/packages/trpc/routers/apiKeys.ts
@@ -3,6 +3,7 @@ import { and, eq } from "drizzle-orm";
 import { z } from "zod";
 
 import { apiKeys } from "@hoarder/db/schema";
+import serverConfig from "@hoarder/shared/config";
 
 import { authenticateApiKey, generateApiKey, validatePassword } from "../auth";
 import { authedProcedure, publicProcedure, router } from "../index";
@@ -74,6 +75,13 @@ export const apiKeysAppRouter = router({
     .output(zApiKeySchema)
     .mutation(async ({ input }) => {
       let user;
+      // Special handling as otherwise the extension would show "username or password is wrong"
+      if (serverConfig.auth.disablePasswordAuth) {
+        throw new TRPCError({
+          message: "Password authentication is currently disabled",
+          code: "FORBIDDEN",
+        });
+      }
       try {
         user = await validatePassword(input.email, input.password);
       } catch (e) {