fix: restrict AllowRegistration check to local registration (#5939)

* fix: restrict AllowRegistration check to local registration * add comment * add additional tests * hide registration fields if no registration allowed * fix: always allow linking and creation of external idps on users in userV2 and admin import * chore: exclude console dist and node_module folders from cache * chore: include node_module folders into cache again * linting
2025-08-12 04:57:33 +00:00 · 2023-08-23 13:55:52 +02:00
parent cbd2ef0612
commit 66772ad0dd
9 changed files with 468 additions and 40 deletions
--- a/internal/api/ui/login/external_provider_handler.go
+++ b/internal/api/ui/login/external_provider_handler.go
@@ -66,6 +66,7 @@ type externalNotFoundOptionData struct {
 	ExternalEmailVerified      bool
 	ExternalPhone              domain.PhoneNumber
 	ExternalPhoneVerified      bool
+	ProviderName               string
 }

 type externalRegisterFormData struct {
@@ -503,6 +504,7 @@ func (l *Login) renderExternalNotFoundOption(w http.ResponseWriter, r *http.Requ
 		ShowUsername:               orgIAMPolicy.UserLoginMustBeDomain,
 		ShowUsernameSuffix:         !labelPolicy.HideLoginNameSuffix,
 		OrgRegister:                orgIAMPolicy.UserLoginMustBeDomain,
+		ProviderName:               domain.IDPName(idpTemplate.Name, idpTemplate.Type),
 	}
 	if human.Phone != nil {
 		data.Phone = human.PhoneNumber
--- a/internal/api/ui/login/static/templates/external_not_found_option.html
+++ b/internal/api/ui/login/static/templates/external_not_found_option.html
@@ -1,8 +1,11 @@
 {{template "main-top" .}}

 <div class="lgn-head">
-    <h1>{{t "ExternalNotFound.Title"}}</h1>
+    <h1>{{.ProviderName}} - {{t "ExternalNotFound.Title"}}</h1>
+
+    {{ if or .IsLinkingAllowed .IsCreationAllowed }}
    <p>{{t "ExternalNotFound.Description"}}</p>
+    {{ end }}

 </div>

@@ -21,6 +24,7 @@
    <input type="hidden" id="external-phone-verified" name="external-phone-verified" value="{{ .ExternalPhoneVerified }}" />

    <div class="lgn-register">
+        {{ if or .IsCreationAllowed }}
        <div class="double-col">
            <div class="lgn-field">
                <label class="lgn-label" for="firstname">{{t "ExternalRegistrationUserOverview.FirstnameLabel"}}</label>
@@ -85,8 +89,9 @@
                </select>
            </div>
        </div>
+        {{end}}

-        {{ if or .TOSLink .PrivacyLink }}
+        {{ if and (or .IsLinkingAllowed .IsCreationAllowed) (or .TOSLink .PrivacyLink) }}
        <div class="lgn-field">
            <label class="lgn-label">{{t "ExternalNotFound.TosAndPrivacyLabel"}}</label>
            {{ if .TOSLink }}