fix: signup is not allowed if password login is disabled (#2776)

Signup is not allowed if password login is disabled If password login is disabled in the system configuration, the "signup" in the "/auth" page disappears, but the user can manually enter "/auth/signup" to access the system by creating a new user.

fix: signup is not allowed if password login is disabled (#2776)
Signup is not allowed if password login is disabled If password login is disabled in the system configuration, the "signup" in the "/auth" page disappears, but the user can manually enter "/auth/signup" to access the system by creating a new user.
e4488da9 · Wen Sun · GitHub · cc43d06d · e4488da9
Unverified Commit e4488da9 authored Jan 17, 2024 by Wen Sun Committed by GitHub Jan 17, 2024
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 0 deletions

auth.go api/v1/auth.go +17 -0

No files found.
--- a/api/v1/auth.go
+++ b/api/v1/auth.go
@@ -324,6 +324,23 @@ func (s *APIV1Service) SignUp(c echo.Context) error {
 		if !allowSignUpSettingValue {
 			return echo.NewHTTPError(http.StatusUnauthorized, "signup is disabled").SetInternal(err)
 		}
+
+		disablePasswordLoginSystemSetting, err := s.Store.GetSystemSetting(ctx, &store.FindSystemSetting{
+			Name: SystemSettingDisablePasswordLoginName.String(),
+		})
+		if err != nil {
+			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find system setting").SetInternal(err)
+		}
+		if disablePasswordLoginSystemSetting != nil {
+			disablePasswordLogin := false
+			err = json.Unmarshal([]byte(disablePasswordLoginSystemSetting.Value), &disablePasswordLogin)
+			if err != nil {
+				return echo.NewHTTPError(http.StatusInternalServerError, "Failed to unmarshal system setting").SetInternal(err)
+			}
+			if disablePasswordLogin {
+				return echo.NewHTTPError(http.StatusUnauthorized, "password login is deactivated")
+			}
+		}
 	}

 	passwordHash, err := bcrypt.GenerateFromPassword([]byte(signup.Password), bcrypt.DefaultCost)