new: [password auth] added setting to disable password auth
- not needed in some cases for keycloak enabled instancespull/92/head
iglocska
parent
79459838eb
commit
4902a3f8a6
|
|
@ -151,6 +151,17 @@ class CerebrateSettingsProvider extends BaseSettingsProvider
|
||||||
],
|
],
|
||||||
'Authentication' => [
|
'Authentication' => [
|
||||||
'Providers' => [
|
'Providers' => [
|
||||||
|
'PasswordAuth' => [
|
||||||
|
'password_auth.enabled' => [
|
||||||
|
'name' => 'Disable password authentication',
|
||||||
|
'type' => 'boolean',
|
||||||
|
'severity' => 'warning',
|
||||||
|
'description' => __('Enable username/password authentication.'),
|
||||||
|
'default' => true,
|
||||||
|
'test' => 'testEnabledAuth',
|
||||||
|
'authentication_type' => 'password_auth'
|
||||||
|
],
|
||||||
|
],
|
||||||
'KeyCloak' => [
|
'KeyCloak' => [
|
||||||
'keycloak.enabled' => [
|
'keycloak.enabled' => [
|
||||||
'name' => 'Enabled',
|
'name' => 'Enabled',
|
||||||
|
|
@ -158,6 +169,7 @@ class CerebrateSettingsProvider extends BaseSettingsProvider
|
||||||
'severity' => 'warning',
|
'severity' => 'warning',
|
||||||
'description' => __('Enable keycloak authentication'),
|
'description' => __('Enable keycloak authentication'),
|
||||||
'default' => false,
|
'default' => false,
|
||||||
|
'authentication_type' => 'keycloak'
|
||||||
],
|
],
|
||||||
'keycloak.provider.applicationId' => [
|
'keycloak.provider.applicationId' => [
|
||||||
'name' => 'Client ID',
|
'name' => 'Client ID',
|
||||||
|
|
@ -374,4 +386,24 @@ class CerebrateSettingValidator extends SettingValidator
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testEnabledAuth($value, &$setting)
|
||||||
|
{
|
||||||
|
$providers = [
|
||||||
|
'password_auth',
|
||||||
|
'keycloak'
|
||||||
|
];
|
||||||
|
if (!$value) {
|
||||||
|
$foundEnabledAuth = __('Cannot make change - this would disable every possible authentication method.');
|
||||||
|
foreach ($providers as $provider) {
|
||||||
|
if ($provider !== $setting['authentication_type']) {
|
||||||
|
if (Configure::read($provider . '.enable')) {
|
||||||
|
$foundEnabledAuth = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $foundEnabledAuth;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,11 @@
|
||||||
<?php
|
<?php
|
||||||
|
use Cake\Core\Configure;
|
||||||
|
$passwordRequired = false;
|
||||||
if ($this->request->getParam('action') === 'add') {
|
if ($this->request->getParam('action') === 'add') {
|
||||||
$dropdownData['individual'] = ['new' => __('New individual')] + $dropdownData['individual'];
|
$dropdownData['individual'] = ['new' => __('New individual')] + $dropdownData['individual'];
|
||||||
|
if (!Configure::check('password_auth.enabled') || Configure::read('password_auth.enabled')) {
|
||||||
|
$passwordRequired = 'required';
|
||||||
|
}
|
||||||
}
|
}
|
||||||
echo $this->element('genericElements/Form/genericForm', [
|
echo $this->element('genericElements/Form/genericForm', [
|
||||||
'data' => [
|
'data' => [
|
||||||
|
|
@ -54,16 +59,18 @@
|
||||||
'field' => 'password',
|
'field' => 'password',
|
||||||
'label' => __('Password'),
|
'label' => __('Password'),
|
||||||
'type' => 'password',
|
'type' => 'password',
|
||||||
'required' => $this->request->getParam('action') === 'add' ? 'required' : false,
|
'required' => $passwordRequired,
|
||||||
'autocomplete' => 'new-password',
|
'autocomplete' => 'new-password',
|
||||||
'value' => ''
|
'value' => '',
|
||||||
|
'requirements' => (bool)$passwordRequired
|
||||||
],
|
],
|
||||||
[
|
[
|
||||||
'field' => 'confirm_password',
|
'field' => 'confirm_password',
|
||||||
'label' => __('Confirm Password'),
|
'label' => __('Confirm Password'),
|
||||||
'type' => 'password',
|
'type' => 'password',
|
||||||
'required' => $this->request->getParam('action') === 'add' ? 'required' : false,
|
'required' => $passwordRequired,
|
||||||
'autocomplete' => 'off'
|
'autocomplete' => 'off',
|
||||||
|
'requirements' => (bool)$passwordRequired
|
||||||
],
|
],
|
||||||
[
|
[
|
||||||
'field' => 'role_id',
|
'field' => 'role_id',
|
||||||
|
|
|
||||||
|
|
@ -12,13 +12,14 @@ use Cake\Core\Configure;
|
||||||
'style' => ['filter: drop-shadow(4px 4px 4px #924da666);']
|
'style' => ['filter: drop-shadow(4px 4px 4px #924da666);']
|
||||||
])
|
])
|
||||||
);
|
);
|
||||||
echo sprintf('<h4 class="text-uppercase fw-light mb-3">%s</h4>', __('Sign In'));
|
|
||||||
$template = [
|
$template = [
|
||||||
'inputContainer' => '<div class="form-floating input {{type}}{{required}}">{{content}}</div>',
|
'inputContainer' => '<div class="form-floating input {{type}}{{required}}">{{content}}</div>',
|
||||||
'formGroup' => '{{input}}{{label}}',
|
'formGroup' => '{{input}}{{label}}',
|
||||||
'submitContainer' => '<div class="submit d-grid">{{content}}</div>',
|
'submitContainer' => '<div class="submit d-grid">{{content}}</div>',
|
||||||
];
|
];
|
||||||
$this->Form->setTemplates($template);
|
$this->Form->setTemplates($template);
|
||||||
|
if (!Configure::check('password_auth.enabled') || Configure::read('password_auth.enabled')) {
|
||||||
|
echo sprintf('<h4 class="text-uppercase fw-light mb-3">%s</h4>', __('Sign In'));
|
||||||
echo $this->Form->create(null, ['url' => ['controller' => 'users', 'action' => 'login']]);
|
echo $this->Form->create(null, ['url' => ['controller' => 'users', 'action' => 'login']]);
|
||||||
echo $this->Form->control('username', ['label' => 'Username', 'class' => 'form-control mb-2', 'placeholder' => __('Username')]);
|
echo $this->Form->control('username', ['label' => 'Username', 'class' => 'form-control mb-2', 'placeholder' => __('Username')]);
|
||||||
echo $this->Form->control('password', ['type' => 'password', 'label' => 'Password', 'class' => 'form-control mb-3', 'placeholder' => __('Password')]);
|
echo $this->Form->control('password', ['type' => 'password', 'label' => 'Password', 'class' => 'form-control mb-3', 'placeholder' => __('Password')]);
|
||||||
|
|
@ -26,12 +27,14 @@ use Cake\Core\Configure;
|
||||||
echo $this->Form->end();
|
echo $this->Form->end();
|
||||||
if (!empty(Configure::read('security.registration.self-registration'))) {
|
if (!empty(Configure::read('security.registration.self-registration'))) {
|
||||||
echo '<div class="text-end">';
|
echo '<div class="text-end">';
|
||||||
echo sprintf('<span class="text-secondary ms-auto" style="font-size: 0.8rem">%s <a href="/users/register" class="text-decoration-none link-primary fw-bold">%s</a></span>', __('Doesn\'t have an account?'), __('Sign up'));
|
echo sprintf('<span class="text-secondary ms-auto" style="font-size: 0.8rem">%s <a href="/users/register" class="text-decoration-none link-primary fw-bold">%s</a></span>', __('Don\'t have an account?'), __('Sign up'));
|
||||||
echo '</div>';
|
echo '</div>';
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!empty(Configure::read('keycloak.enabled'))) {
|
if (!empty(Configure::read('keycloak.enabled'))) {
|
||||||
echo sprintf('<div class="d-flex align-items-center my-2"><hr class="d-inline-block flex-grow-1"/><span class="mx-3 fw-light">%s</span><hr class="d-inline-block flex-grow-1"/></div>', __('Or'));
|
echo sprintf('<div class="d-flex align-items-center my-2"><hr class="d-inline-block flex-grow-1"/><span class="mx-3 fw-light">%s</span><hr class="d-inline-block flex-grow-1"/></div>', __('Or'));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (!empty(Configure::read('keycloak.enabled'))) {
|
||||||
echo $this->Form->create(null, [
|
echo $this->Form->create(null, [
|
||||||
'url' => Cake\Routing\Router::url([
|
'url' => Cake\Routing\Router::url([
|
||||||
'prefix' => false,
|
'prefix' => false,
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue