From 04c31374afd49de014761e080ac96a95cc172a94 Mon Sep 17 00:00:00 2001
From: Georges-Antoine Assi <contact@me.gantoine.com>
Date: Tue, 7 Jan 2025 17:28:13 -0500
Subject: [PATCH] disable login endpoint as wel

---
 backend/endpoints/auth.py             |  6 +-
 backend/exceptions/auth_exceptions.py |  5 ++
 frontend/src/views/Auth/Login.vue     | 87 +++++++++++++--------------
 3 files changed, 53 insertions(+), 45 deletions(-)

diff --git a/backend/endpoints/auth.py b/backend/endpoints/auth.py
index acc71000f..2a8f839ed 100644
--- a/backend/endpoints/auth.py
+++ b/backend/endpoints/auth.py
@@ -1,7 +1,7 @@
 from datetime import datetime, timedelta, timezone
 from typing import Annotated, Final
 
-from config import OIDC_ENABLED, OIDC_REDIRECT_URI
+from config import DISABLE_USERPASS_LOGIN, OIDC_ENABLED, OIDC_REDIRECT_URI
 from decorators.auth import oauth
 from endpoints.forms.identity import OAuth2RequestForm
 from endpoints.responses import MessageResponse
@@ -11,6 +11,7 @@ from exceptions.auth_exceptions import (
     OIDCDisabledException,
     OIDCNotConfiguredException,
     UserDisabledException,
+    UserPassDisabledException,
 )
 from fastapi import Depends, HTTPException, Request, status
 from fastapi.responses import RedirectResponse
@@ -45,6 +46,9 @@ def login(
         MessageResponse: Standard message response
     """
 
+    if DISABLE_USERPASS_LOGIN:
+        raise UserPassDisabledException
+
     user = auth_handler.authenticate_user(credentials.username, credentials.password)
     if not user:
         raise AuthCredentialsException
diff --git a/backend/exceptions/auth_exceptions.py b/backend/exceptions/auth_exceptions.py
index 66db919bf..e49c41fbb 100644
--- a/backend/exceptions/auth_exceptions.py
+++ b/backend/exceptions/auth_exceptions.py
@@ -1,5 +1,10 @@
 from fastapi import HTTPException, status
 
+UserPassDisabledException = HTTPException(
+    status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+    detail="Username/password authentication disabled",
+)
+
 AuthCredentialsException = HTTPException(
     status_code=status.HTTP_401_UNAUTHORIZED,
     detail="Incorrect username or password",
diff --git a/frontend/src/views/Auth/Login.vue b/frontend/src/views/Auth/Login.vue
index 05f087fe1..2c3a65ff2 100644
--- a/frontend/src/views/Auth/Login.vue
+++ b/frontend/src/views/Auth/Login.vue
@@ -74,10 +74,10 @@ async function loginOIDC() {
 
 <template>
   <v-card class="translucent-dark py-8 px-5" width="500">
-    <v-img src="/assets/isotipo.svg" class="mx-auto" width="150" />
+    <v-img src="/assets/isotipo.svg" class="mx-auto mb-4" width="150" />
     <v-row class="text-white justify-center mt-2" no-gutters>
       <v-col cols="10">
-        <v-form @submit.prevent="login">
+        <v-form v-if="!loginDisabled" @submit.prevent="login">
           <v-text-field
             v-model="username"
             :label="t('login.username')"
@@ -99,7 +99,6 @@ async function loginOIDC() {
             variant="underlined"
           />
           <v-btn
-            v-if="!loginDisabled"
             type="submit"
             class="bg-terciary mt-4"
             variant="text"
@@ -120,48 +119,48 @@ async function loginOIDC() {
               />
             </template>
           </v-btn>
-          <template v-if="oidcEnabled">
-            <v-divider v-if="!loginDisabled" class="my-4">
-              <template #default>
-                <span class="px-1">{{ t("login.or") }}</span>
-              </template>
-            </v-divider>
-            <v-btn
-              block
-              type="submit"
-              class="bg-terciary"
-              variant="text"
-              :disabled="loggingInOIDC || loggingIn"
-              :loading="loggingInOIDC"
-              @click="loginOIDC()"
-            >
-              <template v-if="oidcProvider" #prepend>
-                <v-icon size="20">
-                  <v-img
-                    :src="`/assets/dashboard-icons/${oidcProvider.toLowerCase()}.png`"
-                  >
-                    <template #error>
-                      <v-icon size="20">mdi-key</v-icon>
-                    </template>
-                  </v-img>
-                </v-icon>
-              </template>
-              {{
-                t("login.login-oidc", {
-                  oidc: oidcProvider || "OIDC",
-                })
-              }}
-              <template #loader>
-                <v-progress-circular
-                  color="romm-accent-1"
-                  :width="2"
-                  :size="20"
-                  indeterminate
-                />
-              </template>
-            </v-btn>
-          </template>
         </v-form>
+        <template v-if="oidcEnabled">
+          <v-divider v-if="!loginDisabled" class="my-4">
+            <template #default>
+              <span class="px-1">{{ t("login.or") }}</span>
+            </template>
+          </v-divider>
+          <v-btn
+            block
+            type="submit"
+            class="bg-terciary"
+            variant="text"
+            :disabled="loggingInOIDC || loggingIn"
+            :loading="loggingInOIDC"
+            @click="loginOIDC()"
+          >
+            <template v-if="oidcProvider" #prepend>
+              <v-icon size="20">
+                <v-img
+                  :src="`/assets/dashboard-icons/${oidcProvider.toLowerCase()}.png`"
+                >
+                  <template #error>
+                    <v-icon size="20">mdi-key</v-icon>
+                  </template>
+                </v-img>
+              </v-icon>
+            </template>
+            {{
+              t("login.login-oidc", {
+                oidc: oidcProvider || "OIDC",
+              })
+            }}
+            <template #loader>
+              <v-progress-circular
+                color="romm-accent-1"
+                :width="2"
+                :size="20"
+                indeterminate
+              />
+            </template>
+          </v-btn>
+        </template>
       </v-col>
     </v-row>
   </v-card>