Commit 8cf065ca authored by kaiyou's avatar kaiyou

Add an SSO-only behavior for Omniauth

parent 1f1af9be
Pipeline #3250 passed with stage
in 21 minutes
......@@ -35,6 +35,7 @@ module Admin
@profile_directory = Setting.profile_directory
@timeline_preview = Setting.timeline_preview
@spam_check_enabled = Setting.spam_check_enabled
@sso_only_enabled = Setting.sso_only_enabled
@trends_enabled = Setting.trends
end
......
......@@ -30,6 +30,7 @@ class Form::AdminSettings
hero
mascot
spam_check_enabled
sso_only_enabled
trends
trendable_by_default
show_domain_blocks
......@@ -49,6 +50,7 @@ class Form::AdminSettings
preview_sensitive_media
profile_directory
spam_check_enabled
sso_only_enabled
trends
trendable_by_default
noindex
......
= simple_form_for(new_user, url: user_session_path, namespace: 'login') do |f|
.fields-group
- if use_seamless_external_login?
= f.input :email, placeholder: t('simple_form.labels.defaults.username_or_email'), input_html: { 'aria-label' => t('simple_form.labels.defaults.username_or_email') }, hint: false
- else
= f.input :email, placeholder: t('simple_form.labels.defaults.email'), input_html: { 'aria-label' => t('simple_form.labels.defaults.email') }, hint: false
- if !Setting.sso_only_enabled
= simple_form_for(new_user, url: user_session_path, namespace: 'login') do |f|
.fields-group
- if use_seamless_external_login?
= f.input :email, placeholder: t('simple_form.labels.defaults.username_or_email'), input_html: { 'aria-label' => t('simple_form.labels.defaults.username_or_email') }, hint: false
- else
= f.input :email, placeholder: t('simple_form.labels.defaults.email'), input_html: { 'aria-label' => t('simple_form.labels.defaults.email') }, hint: false
= f.input :password, placeholder: t('simple_form.labels.defaults.password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.password') }, hint: false
= f.input :password, placeholder: t('simple_form.labels.defaults.password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.password') }, hint: false
.actions
= f.button :button, t('auth.login'), type: :submit, class: 'button button-primary'
.actions
= f.button :button, t('auth.login'), type: :submit, class: 'button button-primary'
%p.hint.subtle-hint= link_to t('auth.trouble_logging_in'), new_user_password_path
%p.hint.subtle-hint= link_to t('auth.trouble_logging_in'), new_user_password_path
- else
- resource_class.omniauth_providers.each do |provider|
= link_to t("auth.providers.#{provider}", default: provider.to_s.chomp("_oauth2").capitalize), omniauth_authorize_path(resource_name, provider), class: "button button-#{provider}", method: :post
\ No newline at end of file
......@@ -2,29 +2,32 @@
= simple_form_for(new_user, url: user_registration_path, namespace: 'registration', html: { novalidate: false }) do |f|
%p.lead= t('about.federation_hint_html', instance: content_tag(:strong, site_hostname))
.fields-group
= f.simple_fields_for :account do |account_fields|
= account_fields.input :username, wrapper: :with_label, label: false, required: true, input_html: { 'aria-label' => t('simple_form.labels.defaults.username'), :autocomplete => 'off', placeholder: t('simple_form.labels.defaults.username'), pattern: '[a-zA-Z0-9_]+', maxlength: 30 }, append: "@#{site_hostname}", hint: false, disabled: closed_registrations?
- if !Setting.sso_only_enabled
.fields-group
= f.simple_fields_for :account do |account_fields|
= account_fields.input :username, wrapper: :with_label, label: false, required: true, input_html: { 'aria-label' => t('simple_form.labels.defaults.username'), :autocomplete => 'off', placeholder: t('simple_form.labels.defaults.username'), pattern: '[a-zA-Z0-9_]+', maxlength: 30 }, append: "@#{site_hostname}", hint: false, disabled: closed_registrations?
= f.input :email, placeholder: t('simple_form.labels.defaults.email'), required: true, input_html: { 'aria-label' => t('simple_form.labels.defaults.email'), :autocomplete => 'off' }, hint: false, disabled: closed_registrations?
= f.input :password, placeholder: t('simple_form.labels.defaults.password'), required: true, input_html: { 'aria-label' => t('simple_form.labels.defaults.password'), :autocomplete => 'off', :minlength => User.password_length.first, :maxlength => User.password_length.last }, hint: false, disabled: closed_registrations?
= f.input :password_confirmation, placeholder: t('simple_form.labels.defaults.confirm_password'), required: true, input_html: { 'aria-label' => t('simple_form.labels.defaults.confirm_password'), :autocomplete => 'off' }, hint: false, disabled: closed_registrations?
= f.input :email, placeholder: t('simple_form.labels.defaults.email'), required: true, input_html: { 'aria-label' => t('simple_form.labels.defaults.email'), :autocomplete => 'off' }, hint: false, disabled: closed_registrations?
= f.input :password, placeholder: t('simple_form.labels.defaults.password'), required: true, input_html: { 'aria-label' => t('simple_form.labels.defaults.password'), :autocomplete => 'off', :minlength => User.password_length.first, :maxlength => User.password_length.last }, hint: false, disabled: closed_registrations?
= f.input :password_confirmation, placeholder: t('simple_form.labels.defaults.confirm_password'), required: true, input_html: { 'aria-label' => t('simple_form.labels.defaults.confirm_password'), :autocomplete => 'off' }, hint: false, disabled: closed_registrations?
= f.input :confirm_password, as: :string, placeholder: t('simple_form.labels.defaults.honeypot', label: t('simple_form.labels.defaults.password')), required: false, input_html: { 'aria-label' => t('simple_form.labels.defaults.honeypot', label: t('simple_form.labels.defaults.password')), :autocomplete => 'off' }, hint: false, disabled: closed_registrations?
= f.input :website, as: :url, placeholder: t('simple_form.labels.defaults.honeypot', label: 'Website'), required: false, input_html: { 'aria-label' => t('simple_form.labels.defaults.honeypot', label: 'Website'), :autocomplete => 'off' }, hint: false, disabled: closed_registrations?
= f.input :confirm_password, as: :string, placeholder: t('simple_form.labels.defaults.honeypot', label: t('simple_form.labels.defaults.password')), required: false, input_html: { 'aria-label' => t('simple_form.labels.defaults.honeypot', label: t('simple_form.labels.defaults.password')), :autocomplete => 'off' }, hint: false, disabled: closed_registrations?
= f.input :website, as: :url, placeholder: t('simple_form.labels.defaults.honeypot', label: 'Website'), required: false, input_html: { 'aria-label' => t('simple_form.labels.defaults.honeypot', label: 'Website'), :autocomplete => 'off' }, hint: false, disabled: closed_registrations?
- if approved_registrations?
.fields-group
= f.simple_fields_for :invite_request do |invite_request_fields|
= invite_request_fields.input :text, as: :text, wrapper: :with_block_label, required: Setting.require_invite_text
- if approved_registrations?
.fields-group
= f.simple_fields_for :invite_request do |invite_request_fields|
= invite_request_fields.input :text, as: :text, wrapper: :with_block_label, required: Setting.require_invite_text
.fields-group
= f.input :agreement, as: :boolean, wrapper: :with_label, label: t('auth.checkbox_agreement_html', rules_path: about_more_path, terms_path: terms_path), required: true, disabled: closed_registrations?
.fields-group
= f.input :agreement, as: :boolean, wrapper: :with_label, label: t('auth.checkbox_agreement_html', rules_path: about_more_path, terms_path: terms_path), required: true, disabled: closed_registrations?
.actions
= f.button :button, sign_up_message, type: :submit, class: 'button button-primary', disabled: closed_registrations?
.actions
= f.button :button, sign_up_message, type: :submit, class: 'button button-primary', disabled: closed_registrations?
- else
%p.lead= t('about.sso_only_hint')
- if closed_registrations? && @instance_presenter.closed_registrations_message.present?
- if closed_registrations? && @instance_presenter.closed_registrations_message.present? && !Setting.sso_only_enabled
.simple_form__overlay-area__overlay
.simple_form__overlay-area__overlay__content.rich-formatting
.block-icon= fa_icon 'warning'
......
......@@ -71,6 +71,8 @@
= feature_hint(link_to(t('admin.dashboard.feature_relay'), admin_relays_path), @relay_enabled)
%li
= feature_hint(link_to(t('admin.dashboard.feature_spam_check'), edit_admin_settings_path), @spam_check_enabled)
%li
= feature_hint(link_to(t('admin.dashboard.feature_sso_only'), edit_admin_settings_path), @sso_only_enabled)
.dashboard__widgets__versions
%div
......
......@@ -95,6 +95,9 @@
.fields-group
= f.input :spam_check_enabled, as: :boolean, wrapper: :with_label, label: t('admin.settings.spam_check_enabled.title'), hint: t('admin.settings.spam_check_enabled.desc_html')
.fields-group
= f.input :sso_only_enabled, as: :boolean, wrapper: :with_label, label: t('admin.settings.sso_only_enabled.title'), hint: t('admin.settings.sso_only_enabled.desc_html')
%hr.spacer/
.fields-group
......
......@@ -4,17 +4,18 @@
- content_for :header_tags do
= render partial: 'shared/og'
= simple_form_for(resource, as: resource_name, url: session_path(resource_name)) do |f|
.fields-group
- if use_seamless_external_login?
= f.input :email, autofocus: true, wrapper: :with_label, label: t('simple_form.labels.defaults.username_or_email'), input_html: { 'aria-label' => t('simple_form.labels.defaults.username_or_email') }, hint: false
- else
= f.input :email, autofocus: true, wrapper: :with_label, label: t('simple_form.labels.defaults.email'), input_html: { 'aria-label' => t('simple_form.labels.defaults.email') }, hint: false
.fields-group
= f.input :password, wrapper: :with_label, label: t('simple_form.labels.defaults.password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.password'), :autocomplete => 'off' }, hint: false
- if !Setting.sso_only_enabled
= simple_form_for(resource, as: resource_name, url: session_path(resource_name)) do |f|
.fields-group
- if use_seamless_external_login?
= f.input :email, autofocus: true, wrapper: :with_label, label: t('simple_form.labels.defaults.username_or_email'), input_html: { 'aria-label' => t('simple_form.labels.defaults.username_or_email') }, hint: false
- else
= f.input :email, autofocus: true, wrapper: :with_label, label: t('simple_form.labels.defaults.email'), input_html: { 'aria-label' => t('simple_form.labels.defaults.email') }, hint: false
.fields-group
= f.input :password, wrapper: :with_label, label: t('simple_form.labels.defaults.password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.password'), :autocomplete => 'off' }, hint: false
.actions
= f.button :button, t('auth.login'), type: :submit
.actions
= f.button :button, t('auth.login'), type: :submit
- if devise_mapping.omniauthable? and resource_class.omniauth_providers.any?
.simple_form.alternative-login
......
......@@ -19,6 +19,7 @@ en:
discover_users: Discover users
documentation: Documentation
federation_hint_html: With an account on %{instance} you'll be able to follow people on any Mastodon server and beyond.
sso_only_hint: This server uses single sign-on only, please use the sign-in button to register a new account.
get_apps: Try a mobile app
hosted_on: Mastodon hosted on %{domain}
instance_actor_flash: |
......@@ -624,6 +625,9 @@ en:
spam_check_enabled:
desc_html: Mastodon can auto-report accounts that send repeated unsolicited messages. There may be false positives.
title: Anti-spam automation
sso_only_enabled:
desc_html: Mastodon will assume SSO providers only should be used and will stop displaying sign-in or sign-up forms.
title: Use single sign-on only
thumbnail:
desc_html: Used for previews via OpenGraph and API. 1200x630px recommended
title: Server thumbnail
......@@ -746,8 +750,8 @@ en:
migrate_account_html: If you wish to redirect this account to a different one, you can <a href="%{path}">configure it here</a>.
or_log_in_with: Or log in with
providers:
cas: CAS
saml: SAML
cas: Log in using CAS
saml: Log in using SAML
register: Sign up
registration_closed: "%{instance} is not accepting new members"
resend_confirmation: Resend confirmation instructions
......
......@@ -68,6 +68,7 @@ defaults: &defaults
peers_api_enabled: true
show_known_fediverse_at_about_page: true
spam_check_enabled: true
sso_only_enabled: false
show_domain_blocks: 'disabled'
show_domain_blocks_rationale: 'disabled'
require_invite_text: false
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment