Add .env variable to disable basic login and WebAuthn login #3382

Open
wants to merge 1 commit into
base: master

ildyria
Member

@ildyria ildyria commented May 29, 2025

Additionally, add an automatic redirection to the oauth url if that is the only login option available.

This pull request introduces support for disabling specific authentication methods (Basic Auth and WebAuthn) via configuration, along with adjustments to ensure proper handling when these methods are disabled. The changes include new diagnostic checks, exception handling, and updates to controllers and requests to respect the configuration settings.

Authentication Configuration Enhancements:

  • Added new configuration options in config/features.php to disable Basic Auth (disable-basic-auth) and WebAuthn (disable-webauthn) through environment variables. ([config/features.phpR62-R79](https://github.com/LycheeOrg/Lychee/pull/3382/files#diff-cb496c3608c7f2c74e0a426831cf1190f53e4d332a7a681ec074325aa057bcd2R62-R79))
  • Introduced AuthServiceProvider methods (isBasicAuthEnabled, isWebAuthnEnabled, isOauthEnabled) to centralize checks for enabled authentication methods. ([app/Providers/AuthServiceProvider.phpR67-R105](https://github.com/LycheeOrg/Lychee/pull/3382/files#diff-9d0a077acda375ef8f06f27e2f823037207bcbaa21c2c87cf4c113a13a3eb0c4R67-R105))

Diagnostic and Exception Handling:

  • Added a new diagnostic check, AuthDisabledCheck, to warn if all authentication methods are disabled or improperly configured. ([[1]](https://github.com/LycheeOrg/Lychee/pull/3382/files#diff-47b93879767340f10bc787c89d513bfb893acd9ac426a17540f848ac44361e0eR1-R85), [[2]](https://github.com/LycheeOrg/Lychee/pull/3382/files#diff-cd0f99f20efa398dce5f099ad81b1003c76a49c69b651fa8a530cd6ce6d64c66R48))
  • Introduced BasicAuthDisabledExecption and WebAuthnDisabledExecption to handle cases where disabled authentication methods are accessed. ([[1]](https://github.com/LycheeOrg/Lychee/pull/3382/files#diff-01af96771b34d29e82d1a7d56c23469b0d958e1743738c4e63ebe7beaa1be190R1-R24), [[2]](https://github.com/LycheeOrg/Lychee/pull/3382/files#diff-d64bd7fea443c6cc35977484df7a323cc367c153d1efcffe4d7295a01696a29dR1-R24))

Controller Updates:

  • Updated OauthController to use AuthServiceProvider::getAvailableOauthProviders for determining available OAuth providers. ([[1]](https://github.com/LycheeOrg/Lychee/pull/3382/files#diff-4fb5856344e911f5c894a3f171002426ed6b937b9fc46ba540516afe0a1b7ec9L139-R140), [[2]](https://github.com/LycheeOrg/Lychee/pull/3382/files#diff-4fb5856344e911f5c894a3f171002426ed6b937b9fc46ba540516afe0a1b7ec9L169-R165))
  • Added validation in WebAuthnLoginController to ensure WebAuthn is enabled before processing requests. ([[1]](https://github.com/LycheeOrg/Lychee/pull/3382/files#diff-9b369efd047aa28c8c56371a310edd44ce93f58720540d7aa2c7806637689959R36-R37), [[2]](https://github.com/LycheeOrg/Lychee/pull/3382/files#diff-9b369efd047aa28c8c56371a310edd44ce93f58720540d7aa2c7806637689959R119-R133))

Request and Profile Handling:

  • Adjusted UpdateProfileRequest and LoginRequest to respect the disabled state of Basic Auth by modifying validation and authorization logic. ([[1]](https://github.com/LycheeOrg/Lychee/pull/3382/files#diff-1e5457ec606d26a6197378b5995d9af8c06336e40d2958c5f73c0a5f5a97f517R43-R48), [[2]](https://github.com/LycheeOrg/Lychee/pull/3382/files#diff-0965d0e08d57a450abf45874423b7d91c620286fa36bbf5b70960c15899d2354L30-R32))

Other Changes:

  • Updated InitConfig to include flags indicating whether Basic Auth and WebAuthn are enabled, for use in the gallery configuration. ([[1]](https://github.com/LycheeOrg/Lychee/pull/3382/files#diff-d31771d798b76463dc8bb0c03d41ab098b9600d38beeae4bb84cbb34c118d86fR92-R94), [[2]](https://github.com/LycheeOrg/Lychee/pull/3382/files#diff-d31771d798b76463dc8bb0c03d41ab098b9600d38beeae4bb84cbb34c118d86fR147-R149))
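
An added sketch, not code from this pull request or from Lychee, of the behaviour the description above lists: centralized enabled-checks, a lockout diagnostic, a server-side refusal of a disabled method, and the OAuth-only redirect. The config keys `disable-basic-auth` and `disable-webauthn` and the `is…Enabled` method names come from the description; the class name, the `oauth-providers` key, the exception type, the redirect path and the single-provider condition are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the centralized checks; not Lychee's AuthServiceProvider.
final class AuthMethods
{
    /** @param array<string,mixed> $features values as loaded from config (assumed shape) */
    public function __construct(private array $features) {}

    // A method is off only when its flag is strictly true; a missing key leaves it on.
    public function isBasicAuthEnabled(): bool { return ($this->features['disable-basic-auth'] ?? false) !== true; }
    public function isWebAuthnEnabled(): bool { return ($this->features['disable-webauthn'] ?? false) !== true; }

    /** @return string[] configured OAuth providers ('oauth-providers' is an assumed key) */
    public function oauthProviders(): array { return array_values($this->features['oauth-providers'] ?? []); }
    public function isOauthEnabled(): bool { return $this->oauthProviders() !== []; }

    // Diagnostic: with every method off, nobody can log in at all.
    public function diagnose(): ?string
    {
        $anyEnabled = $this->isBasicAuthEnabled() || $this->isWebAuthnEnabled() || $this->isOauthEnabled();
        return $anyEnabled ? null : 'Warning: all authentication methods are disabled.';
    }

    // Server-side gate: hiding the form is not enough, the endpoint itself must refuse.
    public function assertBasicAuthAllowed(): void
    {
        if (!$this->isBasicAuthEnabled()) {
            throw new RuntimeException('Basic auth is disabled by configuration.');
        }
    }

    // Redirect only when OAuth is the sole option and exactly one provider exists (assumption).
    public function autoRedirectTarget(): ?string
    {
        $providers = $this->oauthProviders();
        $onlyOauth = !$this->isBasicAuthEnabled() && !$this->isWebAuthnEnabled();
        // The path below is a placeholder, not a real Lychee route.
        return ($onlyOauth && count($providers) === 1) ? '/oauth/' . $providers[0] . '/redirect' : null;
    }
}

// Constructed sample configuration: both local methods disabled, one OAuth provider.
$auth = new AuthMethods(['disable-basic-auth' => true, 'disable-webauthn' => true, 'oauth-providers' => ['github']]);
var_dump($auth->diagnose(), $auth->autoRedirectTarget());
try {
    $auth->assertBasicAuthAllowed();
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```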

@ildyria ildyria requested a review from a team as a code owner May 29, 2025 15:44
@ildyria ildyria added the Review: medium Medium review expected: not many files, some attention to details required. label May 29, 2025
codecov bot commented May 29, 2025

Codecov Report

Attention: Patch coverage is 54.54545% with 25 lines in your changes missing coverage. Please review.

Project coverage is 86.49%. Comparing base (75749e6) to head (50a59bd).

@ildyria ildyria added the alpha-ready Branch is available in alpha label May 31, 2025
@ildyria ildyria force-pushed the add-env-disable-login branch from 7ebb842 to f50437d Compare June 7, 2025 10:19
@ildyria ildyria force-pushed the add-env-disable-login branch from f50437d to 50a59bd Compare June 11, 2025 13:59