feat: restrict non credential provider interactions (#871)

* wip: add provider field to sqlite user table * feat: disable invites when credentials provider is not used * wip: add migration for provider field in user table with sqlite * wip: remove fields that can not be modified by non credential users * wip: make username, mail and avatar disabled instead of hidden * wip: external users membership of group cannot be managed manually * feat: add alerts to inform about disabled fields and managing group members * wip: add mysql migration for provider on user table * chore: fix format issues * chore: address pull request feedback * fix: build issue * fix: deepsource issues * fix: tests not working * feat: restrict login to specific auth providers * chore: address pull request feedback * fix: deepsource issue
2024-07-27 11:38:51 +02:00
parent eba4052522
commit 6f7327b774
36 changed files with 2989 additions and 116 deletions
--- a/packages/db/migrations/mysql/0005_soft_microbe.sql
+++ b/packages/db/migrations/mysql/0005_soft_microbe.sql
@@ -0,0 +1 @@
+ALTER TABLE `user` ADD `provider` varchar(64) DEFAULT 'credentials' NOT NULL;
--- a/packages/db/migrations/mysql/meta/0005_snapshot.json
+++ b/packages/db/migrations/mysql/meta/0005_snapshot.json
--- a/packages/db/migrations/mysql/meta/_journal.json
+++ b/packages/db/migrations/mysql/meta/_journal.json
@@ -36,6 +36,13 @@
      "when": 1720113913876,
      "tag": "0004_noisy_giant_girl",
      "breakpoints": true
+    },
+    {
+      "idx": 5,
+      "version": "5",
+      "when": 1722068832607,
+      "tag": "0005_soft_microbe",
+      "breakpoints": true
    }
  ]
 }
--- a/packages/db/migrations/sqlite/0005_lean_random.sql
+++ b/packages/db/migrations/sqlite/0005_lean_random.sql
@@ -0,0 +1 @@
+ALTER TABLE `user` ADD `provider` text DEFAULT 'credentials' NOT NULL;
--- a/packages/db/migrations/sqlite/meta/0005_snapshot.json
+++ b/packages/db/migrations/sqlite/meta/0005_snapshot.json
--- a/packages/db/migrations/sqlite/meta/_journal.json
+++ b/packages/db/migrations/sqlite/meta/_journal.json
@@ -36,6 +36,13 @@
      "when": 1720036615408,
      "tag": "0004_peaceful_red_ghost",
      "breakpoints": true
+    },
+    {
+      "idx": 5,
+      "version": "6",
+      "when": 1722014142492,
+      "tag": "0005_lean_random",
+      "breakpoints": true
    }
  ]
 }
--- a/packages/db/schema/mysql.ts
+++ b/packages/db/schema/mysql.ts
@@ -13,6 +13,7 @@ import type {
  IntegrationPermission,
  IntegrationSecretKind,
  SectionKind,
+  SupportedAuthProvider,
  WidgetKind,
 } from "@homarr/definitions";
 import { backgroundImageAttachments, backgroundImageRepeats, backgroundImageSizes } from "@homarr/definitions";
@@ -25,6 +26,7 @@ export const users = mysqlTable("user", {
  image: text("image"),
  password: text("password"),
  salt: text("salt"),
+  provider: varchar("provider", { length: 64 }).$type<SupportedAuthProvider>().default("credentials").notNull(),
  homeBoardId: varchar("homeBoardId", { length: 64 }).references((): AnyMySqlColumn => boards.id, {
    onDelete: "set null",
  }),
--- a/packages/db/schema/sqlite.ts
+++ b/packages/db/schema/sqlite.ts
@@ -15,6 +15,7 @@ import type {
  IntegrationPermission,
  IntegrationSecretKind,
  SectionKind,
+  SupportedAuthProvider,
  WidgetKind,
 } from "@homarr/definitions";

@@ -26,6 +27,7 @@ export const users = sqliteTable("user", {
  image: text("image"),
  password: text("password"),
  salt: text("salt"),
+  provider: text("provider").$type<SupportedAuthProvider>().default("credentials").notNull(),
  homeBoardId: text("homeBoardId").references((): AnySQLiteColumn => boards.id, {
    onDelete: "set null",
  }),
				`@@ -0,0 +1 @@`
				ALTER TABLE `user` ADD `provider` varchar(64) DEFAULT 'credentials' NOT NULL;
				`@@ -0,0 +1 @@`
				ALTER TABLE `user` ADD `provider` text DEFAULT 'credentials' NOT NULL;