feat: restrict non credential provider interactions (#871)

* wip: add provider field to sqlite user table * feat: disable invites when credentials provider is not used * wip: add migration for provider field in user table with sqlite * wip: remove fields that can not be modified by non credential users * wip: make username, mail and avatar disabled instead of hidden * wip: external users membership of group cannot be managed manually * feat: add alerts to inform about disabled fields and managing group members * wip: add mysql migration for provider on user table * chore: fix format issues * chore: address pull request feedback * fix: build issue * fix: deepsource issues * fix: tests not working * feat: restrict login to specific auth providers * chore: address pull request feedback * fix: deepsource issue
2024-07-27 11:38:51 +02:00
parent eba4052522
commit 6f7327b774
36 changed files with 2989 additions and 116 deletions
--- a/packages/api/src/router/test/group.spec.ts
+++ b/packages/api/src/router/test/group.spec.ts
@@ -170,8 +170,8 @@ describe("byId should return group by id including members and permissions", ()
    expect(result.members.length).toBe(1);

    const userKeys = Object.keys(result.members[0] ?? {});
-    expect(userKeys.length).toBe(4);
-    expect(["id", "name", "email", "image"].some((key) => userKeys.includes(key)));
+    expect(userKeys.length).toBe(5);
+    expect(["id", "name", "email", "image", "provider"].some((key) => userKeys.includes(key)));
    expect(result.permissions.length).toBe(1);
    expect(result.permissions[0]).toBe("admin");
  });
--- a/packages/api/src/router/test/invite.spec.ts
+++ b/packages/api/src/router/test/invite.spec.ts
@@ -22,6 +22,15 @@ vi.mock("@homarr/auth", async () => {
  return { ...mod, auth: () => ({}) as Session };
 });

+// Mock the env module to return the credentials provider
+vi.mock("@homarr/auth/env.mjs", () => {
+  return {
+    env: {
+      AUTH_PROVIDERS: ["credentials"],
+    },
+  };
+});
+
 describe("all should return all existing invites without sensitive informations", () => {
  test("invites should not contain sensitive informations", async () => {
    // Arrange
--- a/packages/api/src/router/test/user.spec.ts
+++ b/packages/api/src/router/test/user.spec.ts
@@ -13,6 +13,15 @@ vi.mock("@homarr/auth", async () => {
  return { ...mod, auth: () => ({}) as Session };
 });

+// Mock the env module to return the credentials provider
+vi.mock("@homarr/auth/env.mjs", () => {
+  return {
+    env: {
+      AUTH_PROVIDERS: ["credentials"],
+    },
+  };
+});
+
 describe("initUser should initialize the first user", () => {
  it("should throw an error if a user already exists", async () => {
    const db = createDb();
@@ -230,6 +239,7 @@ describe("editProfile shoud update user", () => {
      password: null,
      image: null,
      homeBoardId: null,
+      provider: "credentials",
    });
  });

@@ -270,6 +280,7 @@ describe("editProfile shoud update user", () => {
      password: null,
      image: null,
      homeBoardId: null,
+      provider: "credentials",
    });
  });
 });
@@ -294,6 +305,7 @@ describe("delete should delete user", () => {
        password: null,
        salt: null,
        homeBoardId: null,
+        provider: "ldap" as const,
      },
      {
        id: userToDelete,
@@ -314,6 +326,7 @@ describe("delete should delete user", () => {
        password: null,
        salt: null,
        homeBoardId: null,
+        provider: "oidc" as const,
      },
    ];