Hide create user if password auth is disabled

kylecarbs · kylecarbs · commit 067ed9a8555f · 2023-02-13T22:28:31.000Z
diff --git a/coderd/users.go b/coderd/users.go
@@ -293,6 +293,15 @@ func (api *API) postUser(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// If password auth is disabled, don't allow new users to be
+	// created with a password!
+	if api.DeploymentConfig.DisablePasswordAuth.Value {
+		httpapi.Write(ctx, rw, http.StatusForbidden, codersdk.Response{
+			Message: "You cannot manually provision new users with password authentication disabled!",
+		})
+		return
+	}
+
 	// TODO: @emyrk Authorize the organization create if the createUser will do that.
 
 	_, err := api.Database.GetUserByEmailOrUsername(ctx, database.GetUserByEmailOrUsernameParams{
diff --git a/site/src/components/UsersLayout/UsersLayout.tsx b/site/src/components/UsersLayout/UsersLayout.tsx
@@ -3,6 +3,7 @@ import Link from "@material-ui/core/Link"
 import { makeStyles } from "@material-ui/core/styles"
 import GroupAdd from "@material-ui/icons/GroupAddOutlined"
 import PersonAdd from "@material-ui/icons/PersonAddOutlined"
+import { useMachine } from "@xstate/react"
 import { USERS_LINK } from "components/NavbarView/NavbarView"
 import { PageHeader, PageHeaderTitle } from "components/PageHeader/PageHeader"
 import { useFeatureVisibility } from "hooks/useFeatureVisibility"
@@ -15,13 +16,15 @@ import {
   useNavigate,
 } from "react-router-dom"
 import { combineClasses } from "util/combineClasses"
+import { authMethodsXService } from "xServices/auth/authMethodsXService"
 import { Margins } from "../../components/Margins/Margins"
 import { Stack } from "../../components/Stack/Stack"
 
 export const UsersLayout: FC = () => {
   const styles = useStyles()
   const { createUser: canCreateUser, createGroup: canCreateGroup } =
     usePermissions()
+  const [authMethods] = useMachine(authMethodsXService)
   const navigate = useNavigate()
   const { template_rbac: isTemplateRBACEnabled } = useFeatureVisibility()
 
@@ -31,16 +34,17 @@ export const UsersLayout: FC = () => {
         <PageHeader
           actions={
             <>
-              {canCreateUser && (
-                <Button
-                  onClick={() => {
-                    navigate("/users/create")
-                  }}
-                  startIcon={<PersonAdd />}
-                >
-                  Create user
-                </Button>
-              )}
+              {canCreateUser &&
+                authMethods.context.authMethods?.password.enabled && (
+                  <Button
+                    onClick={() => {
+                      navigate("/users/create")
+                    }}
+                    startIcon={<PersonAdd />}
+                  >
+                    Create user
+                  </Button>
+                )}
               {canCreateGroup && isTemplateRBACEnabled && (
                 <Link
                   underline="none"
diff --git a/site/src/xServices/auth/authMethodsXService.ts b/site/src/xServices/auth/authMethodsXService.ts
@@ -0,0 +1,52 @@
+import { assign, createMachine } from "xstate";
+import * as TypeGen from "api/typesGenerated"
+import * as API from "api/api"
+
+export interface AuthMethodsContext {
+  authMethods?: TypeGen.AuthMethods
+  error?: Error | unknown
+}
+
+export const authMethodsXService = createMachine({
+  id: "authMethods",
+  predictableActionArguments: true,
+  tsTypes: {} as import("./authMethodsXService.typegen").Typegen0,
+  schema: {
+    context: {} as AuthMethodsContext,
+    services: {} as {
+      getAuthMethods: {
+        data: TypeGen.AuthMethods
+      }
+    }
+  },
+  context: {},
+  initial: "gettingAuthMethods",
+  states: {
+    gettingAuthMethods: {
+      invoke: {
+        src: "getAuthMethods",
+        onDone: {
+          target: "idle",
+          actions: ["assignAuthMethods"]
+        },
+        onError: {
+          target: "idle",
+          actions: ["setError"]
+        },
+      },
+    },
+    idle: {},
+  },
+}, {
+  actions: {
+    assignAuthMethods: assign({
+      authMethods: (_, event) => event.data,
+    }),
+    setError: assign({
+      error: (_, event) => event.data,
+    }),
+  },
+  services: {
+    getAuthMethods: () => API.getAuthMethods(),
+  },
+})
