fix: restrict AllowRegistration check to local registration (#5939)

* fix: restrict AllowRegistration check to local registration

* add comment

* add additional tests

* hide registration fields if no registration allowed

* fix: always allow linking and creation of external idps on users in userV2 and admin import

* chore: exclude console dist and node_module folders from cache

* chore: include node_module folders into cache again

* linting

internal/api/grpc/admin/import.go

@@ -623,11 +623,10 @@ func (s *Server) importData(ctx context.Context, orgs []*admin_pb.DataOrg) (*adm
 		if org.UserLinks != nil {
 			for _, userLinks := range org.GetUserLinks() {
 				logging.Debugf("import userlink: %s", userLinks.GetUserId()+"_"+userLinks.GetIdpId()+"_"+userLinks.GetProvidedUserId()+"_"+userLinks.GetProvidedUserName())
-				externalIDP := &domain.UserIDPLink{
-					ObjectRoot:     models.ObjectRoot{AggregateID: userLinks.UserId},
-					IDPConfigID:    userLinks.IdpId,
-					ExternalUserID: userLinks.ProvidedUserId,
-					DisplayName:    userLinks.ProvidedUserName,
+				externalIDP := &command.AddLink{
+					IDPID:         userLinks.IdpId,
+					IDPExternalID: userLinks.ProvidedUserId,
+					DisplayName:   userLinks.ProvidedUserName,
 				}
 				if _, err := s.command.AddUserIDPLink(ctx, userLinks.UserId, org.GetOrgId(), externalIDP); err != nil {
 					errors = append(errors, &admin_pb.ImportDataError{Type: "user_link", Id: userLinks.UserId + "_" + userLinks.IdpId, Message: err.Error()})

internal/api/grpc/user/v2/user.go

@@ -116,10 +116,10 @@ func genderToDomain(gender user.Gender) domain.Gender {
 
 func (s *Server) AddIDPLink(ctx context.Context, req *user.AddIDPLinkRequest) (_ *user.AddIDPLinkResponse, err error) {
 	orgID := authz.GetCtxData(ctx).OrgID
-	details, err := s.command.AddUserIDPLink(ctx, req.UserId, orgID, &domain.UserIDPLink{
-		IDPConfigID:    req.GetIdpLink().GetIdpId(),
-		ExternalUserID: req.GetIdpLink().GetUserId(),
-		DisplayName:    req.GetIdpLink().GetUserName(),
+	details, err := s.command.AddUserIDPLink(ctx, req.UserId, orgID, &command.AddLink{
+		IDPID:         req.GetIdpLink().GetIdpId(),
+		DisplayName:   req.GetIdpLink().GetUserName(),
+		IDPExternalID: req.GetIdpLink().GetUserId(),
 	})
 	if err != nil {
 		return nil, err

internal/api/ui/login/external_provider_handler.go

@@ -66,6 +66,7 @@ type externalNotFoundOptionData struct {
 	ExternalEmailVerified      bool
 	ExternalPhone              domain.PhoneNumber
 	ExternalPhoneVerified      bool
+	ProviderName               string
 }
 
 type externalRegisterFormData struct {
@@ -503,6 +504,7 @@ func (l *Login) renderExternalNotFoundOption(w http.ResponseWriter, r *http.Requ
 		ShowUsername:               orgIAMPolicy.UserLoginMustBeDomain,
 		ShowUsernameSuffix:         !labelPolicy.HideLoginNameSuffix,
 		OrgRegister:                orgIAMPolicy.UserLoginMustBeDomain,
+		ProviderName:               domain.IDPName(idpTemplate.Name, idpTemplate.Type),
 	}
 	if human.Phone != nil {
 		data.Phone = human.PhoneNumber

internal/api/ui/login/static/templates/external_not_found_option.html

@@ -1,8 +1,11 @@
 {{template "main-top" .}}
 
 <div class="lgn-head">
-    <h1>{{t "ExternalNotFound.Title"}}</h1>
+    <h1>{{.ProviderName}} - {{t "ExternalNotFound.Title"}}</h1>
+
+    {{ if or .IsLinkingAllowed .IsCreationAllowed }}
     <p>{{t "ExternalNotFound.Description"}}</p>
+    {{ end }}
 
 </div>
 
@@ -21,6 +24,7 @@
     <input type="hidden" id="external-phone-verified" name="external-phone-verified" value="{{ .ExternalPhoneVerified }}" />
 
     <div class="lgn-register">
+        {{ if or .IsCreationAllowed }}
         <div class="double-col">
             <div class="lgn-field">
                 <label class="lgn-label" for="firstname">{{t "ExternalRegistrationUserOverview.FirstnameLabel"}}</label>
@@ -85,8 +89,9 @@
                 </select>
             </div>
         </div>
+        {{end}}
 
-        {{ if or .TOSLink .PrivacyLink }}
+        {{ if and (or .IsLinkingAllowed .IsCreationAllowed) (or .TOSLink .PrivacyLink) }}
         <div class="lgn-field">
             <label class="lgn-label">{{t "ExternalNotFound.TosAndPrivacyLabel"}}</label>
             {{ if .TOSLink }}