Allow to disable the password-based login (sign-in) form (#32687)

Usually enterprise/organization users would like to only allow OAuth2 login. This PR adds a new config option to disable the password-based login form. It is a simple and clear approach and won't block the future login-system refactoring works. Fix a TODO in #24821 Replace #21851 Close #7633 , close #13606
2025-07-22 18:28:37 +00:00 · 2024-12-02 02:03:15 +08:00
parent 1bb1a51f47
commit def13ece7c
7 changed files with 73 additions and 48 deletions
--- a/tests/integration/signin_test.go
+++ b/tests/integration/signin_test.go
@@ -12,6 +12,7 @@ import (
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/test"
 	"code.gitea.io/gitea/modules/translation"
 	"code.gitea.io/gitea/tests"

@@ -91,3 +92,31 @@ func TestSigninWithRememberMe(t *testing.T) {
 	req = NewRequest(t, "GET", "/user/settings")
 	session.MakeRequest(t, req, http.StatusOK)
 }
+
+func TestEnablePasswordSignInForm(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("EnablePasswordSignInForm=false", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		defer test.MockVariableValue(&setting.Service.EnablePasswordSignInForm, false)()
+
+		req := NewRequest(t, "GET", "/user/login")
+		resp := MakeRequest(t, req, http.StatusOK)
+		NewHTMLParser(t, resp.Body).AssertElement(t, "form[action='/user/login']", false)
+
+		req = NewRequest(t, "POST", "/user/login")
+		MakeRequest(t, req, http.StatusForbidden)
+	})
+
+	t.Run("EnablePasswordSignInForm=true", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		defer test.MockVariableValue(&setting.Service.EnablePasswordSignInForm, true)()
+
+		req := NewRequest(t, "GET", "/user/login")
+		resp := MakeRequest(t, req, http.StatusOK)
+		NewHTMLParser(t, resp.Body).AssertElement(t, "form[action='/user/login']", true)
+
+		req = NewRequest(t, "POST", "/user/login")
+		MakeRequest(t, req, http.StatusOK)
+	})
+}