Allow hiding password entry, changing OpenID Connect text and OpenID Connect icon

normana10 · normana10 · commit 3addcaf9b2b9 · 2022-11-15T21:13:12.000-05:00
diff --git a/cli/deployment/config.go b/cli/deployment/config.go
@@ -157,6 +157,11 @@ func newConfig() *codersdk.DeploymentConfig {
 			Flag:   "postgres-url",
 			Secret: true,
 		},
+		PasswordAuthHidden: &codersdk.DeploymentConfigField[bool]{
+			Name:  "Flag to hide password auth",
+			Usage: "When this flag is set to true, the user/password form in the UI will be hidden",
+			Flag:  "password-auth-hidden",
+		},
 		OAuth2: &codersdk.OAuth2Config{
 			Github: &codersdk.OAuth2GithubConfig{
 				ClientID: &codersdk.DeploymentConfigField[string]{
@@ -231,6 +236,16 @@ func newConfig() *codersdk.DeploymentConfig {
 				Flag:    "oidc-scopes",
 				Default: []string{oidc.ScopeOpenID, "profile", "email"},
 			},
+			SignInText: &codersdk.DeploymentConfigField[string]{
+				Name:  "OpenID Connect sign in text",
+				Usage: "The text to show on the OpenID Connect sign in button",
+				Flag:  "oidc-sign-in-text",
+			},
+			IconURL: &codersdk.DeploymentConfigField[string]{
+				Name:  "OpenID connect icon URL",
+				Usage: "URL pointing to the icon to use on the OepnID Connect login button",
+				Flag:  "oidc-icon-url",
+			},
 		},
 
 		Telemetry: &codersdk.TelemetryConfig{
diff --git a/cli/server.go b/cli/server.go
@@ -370,6 +370,8 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
 				options.TLSCertificates = tlsConfig.Certificates
 			}
 
+			options.PasswordAuthHidden = cfg.PasswordAuthHidden.Value
+
 			if cfg.OAuth2.Github.ClientSecret.Value != "" {
 				options.GithubOAuth2Config, err = configureGithubOAuth2(accessURLParsed,
 					cfg.OAuth2.Github.ClientID.Value,
@@ -419,6 +421,8 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
 					}),
 					EmailDomain:  cfg.OIDC.EmailDomain.Value,
 					AllowSignups: cfg.OIDC.AllowSignups.Value,
+					SignInText:   cfg.OIDC.SignInText.Value,
+					IconURL:      cfg.OIDC.IconURL.Value,
 				}
 			}
 
diff --git a/cli/testdata/coder_server_--help.golden b/cli/testdata/coder_server_--help.golden
@@ -98,12 +98,22 @@ Flags:
       --oidc-email-domain string                     Email domain that clients logging in with
                                                      OIDC must match.
                                                      Consumes $CODER_OIDC_EMAIL_DOMAIN
+      --oidc-icon-url string                         URL pointing to the icon to use on the
+                                                     OepnID Connect login button
+                                                     Consumes $CODER_OIDC_ICON_URL
       --oidc-issuer-url string                       Issuer URL to use for Login with OIDC.
                                                      Consumes $CODER_OIDC_ISSUER_URL
       --oidc-scopes strings                          Scopes to grant when authenticating with
                                                      OIDC.
                                                      Consumes $CODER_OIDC_SCOPES (default
                                                      [openid,profile,email])
+      --oidc-sign-in-text string                     The text to show on the OpenID Connect
+                                                     sign in button
+                                                     Consumes $CODER_OIDC_SIGN_IN_TEXT
+      --password-auth-hidden                         When this flag is set to true, the
+                                                     user/password form in the UI will be
+                                                     hidden
+                                                     Consumes $CODER_PASSWORD_AUTH_HIDDEN
       --postgres-url string                          URL of a PostgreSQL database. If empty,
                                                      PostgreSQL binaries will be downloaded
                                                      from Maven
diff --git a/coderd/coderd.go b/coderd/coderd.go
@@ -76,6 +76,7 @@ type Options struct {
 	Authorizer           rbac.Authorizer
 	AzureCertificates    x509.VerifyOptions
 	GoogleTokenValidator *idtoken.Validator
+	PasswordAuthHidden   bool
 	GithubOAuth2Config   *GithubOAuth2Config
 	OIDCConfig           *OIDCConfig
 	PrometheusRegistry   *prometheus.Registry
diff --git a/coderd/userauth.go b/coderd/userauth.go
@@ -44,10 +44,27 @@ type GithubOAuth2Config struct {
 }
 
 func (api *API) userAuthMethods(rw http.ResponseWriter, r *http.Request) {
+	var signInText string
+	var iconURL string
+
+	if api.OIDCConfig != nil {
+		signInText = api.OIDCConfig.SignInText
+	}
+	if api.OIDCConfig != nil {
+		iconURL = api.OIDCConfig.IconURL
+	}
+
 	httpapi.Write(r.Context(), rw, http.StatusOK, codersdk.AuthMethods{
-		Password: true,
-		Github:   api.GithubOAuth2Config != nil,
-		OIDC:     api.OIDCConfig != nil,
+		Password: codersdk.PasswordMethod{
+			AuthMethod: codersdk.AuthMethod{Enabled: true},
+			Hidden:     api.PasswordAuthHidden,
+		},
+		Github: codersdk.AuthMethod{Enabled: api.GithubOAuth2Config != nil},
+		OIDC: codersdk.OIDCMethod{
+			AuthMethod: codersdk.AuthMethod{Enabled: api.OIDCConfig != nil},
+			SignInText: signInText,
+			IconURL:    iconURL,
+		},
 	})
 }
 
@@ -195,6 +212,8 @@ type OIDCConfig struct {
 	// EmailDomain is the domain to enforce when a user authenticates.
 	EmailDomain  string
 	AllowSignups bool
+	SignInText   string
+	IconURL      string
 }
 
 func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
diff --git a/codersdk/deploymentconfig.go b/codersdk/deploymentconfig.go
@@ -24,6 +24,7 @@ type DeploymentConfig struct {
 	CacheDirectory              *DeploymentConfigField[string]          `json:"cache_directory" typescript:",notnull"`
 	InMemoryDatabase            *DeploymentConfigField[bool]            `json:"in_memory_database" typescript:",notnull"`
 	PostgresURL                 *DeploymentConfigField[string]          `json:"pg_connection_url" typescript:",notnull"`
+	PasswordAuthHidden          *DeploymentConfigField[bool]            `json:"password_auth_hidden" typescript:",notnull"`
 	OAuth2                      *OAuth2Config                           `json:"oauth2" typescript:",notnull"`
 	OIDC                        *OIDCConfig                             `json:"oidc" typescript:",notnull"`
 	Telemetry                   *TelemetryConfig                        `json:"telemetry" typescript:",notnull"`
@@ -92,6 +93,8 @@ type OIDCConfig struct {
 	EmailDomain  *DeploymentConfigField[string]   `json:"email_domain" typescript:",notnull"`
 	IssuerURL    *DeploymentConfigField[string]   `json:"issuer_url" typescript:",notnull"`
 	Scopes       *DeploymentConfigField[[]string] `json:"scopes" typescript:",notnull"`
+	SignInText   *DeploymentConfigField[string]   `json:"sign_in_text" typescript:",notnull"`
+	IconURL      *DeploymentConfigField[string]   `json:"icon_url" typescript:",notnull"`
 }
 
 type TelemetryConfig struct {
diff --git a/codersdk/users.go b/codersdk/users.go
@@ -105,11 +105,26 @@ type CreateOrganizationRequest struct {
 	Name string `json:"name" validate:"required,username"`
 }
 
-// AuthMethods contains whether authentication types are enabled or not.
+// AuthMethods contains authentication method information like whether they are enabled or not or hidden or not, etc.
 type AuthMethods struct {
-	Password bool `json:"password"`
-	Github   bool `json:"github"`
-	OIDC     bool `json:"oidc"`
+	Password PasswordMethod `json:"password"`
+	Github   AuthMethod     `json:"github"`
+	OIDC     OIDCMethod     `json:"oidc"`
+}
+
+type AuthMethod struct {
+	Enabled bool `json:"enabled"`
+}
+
+type PasswordMethod struct {
+	AuthMethod
+	Hidden bool `json:"hidden"`
+}
+
+type OIDCMethod struct {
+	AuthMethod
+	SignInText string `json:"signInText"`
+	IconURL    string `json:"iconUrl"`
 }
 
 // HasFirstUser returns whether the first user has been created.
diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts
@@ -90,11 +90,16 @@ export interface AuditLogsRequest extends Pagination {
   readonly q?: string
 }
 
+// From codersdk/users.go
+export interface AuthMethod {
+  readonly enabled: boolean
+}
+
 // From codersdk/users.go
 export interface AuthMethods {
-  readonly password: boolean
-  readonly github: boolean
-  readonly oidc: boolean
+  readonly password: PasswordMethod
+  readonly github: AuthMethod
+  readonly oidc: OIDCMethod
 }
 
 // From codersdk/authorization.go
@@ -289,6 +294,7 @@ export interface DeploymentConfig {
   readonly cache_directory: DeploymentConfigField<string>
   readonly in_memory_database: DeploymentConfigField<boolean>
   readonly pg_connection_url: DeploymentConfigField<string>
+  readonly password_auth_hidden: DeploymentConfigField<boolean>
   readonly oauth2: OAuth2Config
   readonly oidc: OIDCConfig
   readonly telemetry: TelemetryConfig
@@ -446,6 +452,14 @@ export interface OIDCConfig {
   readonly email_domain: DeploymentConfigField<string>
   readonly issuer_url: DeploymentConfigField<string>
   readonly scopes: DeploymentConfigField<string[]>
+  readonly sign_in_text: DeploymentConfigField<string>
+  readonly icon_url: DeploymentConfigField<string>
+}
+
+// From codersdk/users.go
+export interface OIDCMethod extends AuthMethod {
+  readonly signInText: string
+  readonly iconUrl: string
 }
 
 // From codersdk/organizations.go
@@ -505,6 +519,11 @@ export interface ParameterSchema {
   readonly validation_contains?: string[]
 }
 
+// From codersdk/users.go
+export interface PasswordMethod extends AuthMethod {
+  readonly hidden: boolean
+}
+
 // From codersdk/groups.go
 export interface PatchGroupRequest {
   readonly add_users: string[]
diff --git a/site/src/components/SignInForm/SignInForm.tsx b/site/src/components/SignInForm/SignInForm.tsx
@@ -130,8 +130,8 @@ export const SignInForm: FC<React.PropsWithChildren<SignInFormProps>> = ({
 
   return (
     <>
-      <Welcome />
-      <form onSubmit={form.handleSubmit}>
+      <Welcome/>
+      {!authMethods?.password.hidden && (<form onSubmit={form.handleSubmit}>
         <Stack>
           {Object.keys(loginErrors).map(
             (errorKey: string) =>
@@ -174,55 +174,56 @@ export const SignInForm: FC<React.PropsWithChildren<SignInFormProps>> = ({
             </LoadingButton>
           </div>
         </Stack>
-      </form>
-      {(authMethods?.github || authMethods?.oidc) && (
-        <>
-          <div className={styles.divider}>
-            <div className={styles.dividerLine} />
-            <div className={styles.dividerLabel}>Or</div>
-            <div className={styles.dividerLine} />
-          </div>
-
-          <Box display="grid" gridGap="16px">
-            {authMethods.github && (
-              <Link
-                underline="none"
-                href={`/api/v2/users/oauth2/github/callback?redirect=${encodeURIComponent(
-                  redirectTo,
-                )}`}
+      </form>)}
+      {(!authMethods?.password.hidden && (authMethods?.github.enabled || authMethods?.oidc.enabled)) && (
+        <div className={styles.divider}>
+          <div className={styles.dividerLine}/>
+          <div className={styles.dividerLabel}>Or</div>
+          <div className={styles.dividerLine}/>
+        </div>
+      )}
+      {(authMethods?.github.enabled || authMethods?.oidc.enabled) && (
+        <Box display="grid" gridGap="16px">
+          {authMethods.github.enabled && (
+            <Link
+              underline="none"
+              href={`/api/v2/users/oauth2/github/callback?redirect=${encodeURIComponent(
+                redirectTo,
+              )}`}
+            >
+              <Button
+                startIcon={<GitHubIcon className={styles.buttonIcon} />}
+                disabled={isLoading}
+                fullWidth
+                type="submit"
+                variant="contained"
               >
-                <Button
-                  startIcon={<GitHubIcon className={styles.buttonIcon} />}
-                  disabled={isLoading}
-                  fullWidth
-                  type="submit"
-                  variant="contained"
-                >
-                  {Language.githubSignIn}
-                </Button>
-              </Link>
-            )}
+                {Language.githubSignIn}
+              </Button>
+            </Link>
+          )}
 
-            {authMethods.oidc && (
-              <Link
-                underline="none"
-                href={`/api/v2/users/oidc/callback?redirect=${encodeURIComponent(
-                  redirectTo,
-                )}`}
+          {authMethods.oidc.enabled && (
+            <Link
+              underline="none"
+              href={`/api/v2/users/oidc/callback?redirect=${encodeURIComponent(
+                redirectTo,
+              )}`}
+            >
+              <Button
+                startIcon={authMethods.oidc.iconUrl
+                  ? <img alt="Open ID Connect icon" src={authMethods.oidc.iconUrl} width="24" height="24"/>
+                  : <KeyIcon className={styles.buttonIcon} />}
+                disabled={isLoading}
+                fullWidth
+                type="submit"
+                variant="contained"
               >
-                <Button
-                  startIcon={<KeyIcon className={styles.buttonIcon} />}
-                  disabled={isLoading}
-                  fullWidth
-                  type="submit"
-                  variant="contained"
-                >
-                  {Language.oidcSignIn}
-                </Button>
-              </Link>
-            )}
-          </Box>
-        </>
+                {authMethods.oidc.signInText || Language.oidcSignIn}
+              </Button>
+            </Link>
+          )}
+        </Box>
       )}
     </>
   )

Original file line number	Diff line number	Diff line change
`@@ -370,6 +370,8 @@ func Server(vip viper.Viper, newAPI func(context.Context, coderd.Options) (*co`
`370`	`370`	`options.TLSCertificates = tlsConfig.Certificates`
`371`	`371`	`}`
`372`	`372`
	`373`	`+ options.PasswordAuthHidden = cfg.PasswordAuthHidden.Value`
	`374`	`+`
`373`	`375`	`if cfg.OAuth2.Github.ClientSecret.Value != "" {`
`374`	`376`	`options.GithubOAuth2Config, err = configureGithubOAuth2(accessURLParsed,`
`375`	`377`	`cfg.OAuth2.Github.ClientID.Value,`
`@@ -419,6 +421,8 @@ func Server(vip viper.Viper, newAPI func(context.Context, coderd.Options) (*co`
`419`	`421`	`}),`
`420`	`422`	`EmailDomain: cfg.OIDC.EmailDomain.Value,`
`421`	`423`	`AllowSignups: cfg.OIDC.AllowSignups.Value,`
	`424`	`+ SignInText: cfg.OIDC.SignInText.Value,`
	`425`	`+ IconURL: cfg.OIDC.IconURL.Value,`
`422`	`426`	`}`
`423`	`427`	`}`
`424`	`428`