feat: restrict non credential provider interactions (#871)

* wip: add provider field to sqlite user table * feat: disable invites when credentials provider is not used * wip: add migration for provider field in user table with sqlite * wip: remove fields that can not be modified by non credential users * wip: make username, mail and avatar disabled instead of hidden * wip: external users membership of group cannot be managed manually * feat: add alerts to inform about disabled fields and managing group members * wip: add mysql migration for provider on user table * chore: fix format issues * chore: address pull request feedback * fix: build issue * fix: deepsource issues * fix: tests not working * feat: restrict login to specific auth providers * chore: address pull request feedback * fix: deepsource issue
2024-07-27 11:38:51 +02:00
parent eba4052522
commit 6f7327b774
36 changed files with 2989 additions and 116 deletions
--- a/packages/api/src/router/test/invite.spec.ts
+++ b/packages/api/src/router/test/invite.spec.ts
@@ -22,6 +22,15 @@ vi.mock("@homarr/auth", async () => {
  return { ...mod, auth: () => ({}) as Session };
 });

+// Mock the env module to return the credentials provider
+vi.mock("@homarr/auth/env.mjs", () => {
+  return {
+    env: {
+      AUTH_PROVIDERS: ["credentials"],
+    },
+  };
+});
+
 describe("all should return all existing invites without sensitive informations", () => {
  test("invites should not contain sensitive informations", async () => {
    // Arrange