From 9f87207d668fbe0a2039c63803128fbe5916f993 Mon Sep 17 00:00:00 2001
From: kamtschatka <simon.schatka@gmx.at>
Date: Sat, 12 Oct 2024 15:27:21 +0200
Subject: feature: Allow to disable default password login after SSO is
 configured. Fixes #406 (#502)

* [Feature Request] Allow to disable default password log in after SSO is configured #406
changed the flag to also disallow logging in via password
The extensions will also no longer be allowed to log in via username/password then

* [Feature Request] Allow to disable default password log in after SSO is configured #406
added the error message for OAuth
---
 packages/trpc/auth.ts | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'packages/trpc/auth.ts')

diff --git a/packages/trpc/auth.ts b/packages/trpc/auth.ts
index 846c07b6..39aebd3b 100644
--- a/packages/trpc/auth.ts
+++ b/packages/trpc/auth.ts
@@ -3,6 +3,7 @@ import * as bcrypt from "bcryptjs";
 
 import { db } from "@hoarder/db";
 import { apiKeys } from "@hoarder/db/schema";
+import serverConfig from "@hoarder/shared/config";
 
 // API Keys
 
@@ -79,6 +80,9 @@ export async function hashPassword(password: string) {
 }
 
 export async function validatePassword(email: string, password: string) {
+  if (serverConfig.auth.disablePasswordAuth) {
+    throw new Error("Password authentication is currently disabled");
+  }
   const user = await db.query.users.findFirst({
     where: (u, { eq }) => eq(u.email, email),
   });
-- 
cgit v1.2.3-70-g09d2