Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable password reset and hide login form with SSO #8467

Merged
merged 2 commits into from
Jun 12, 2024
Merged

Disable password reset and hide login form with SSO #8467

merged 2 commits into from
Jun 12, 2024

Conversation

willbarton
Copy link
Member

This PR does two things if SSO is enabled:

  • Disables password resetting (via Wagtail's WAGTAIL_PASSWORD_RESET_ENABLED setting) and removes our password reset override template
  • Hides the username/password login form behind an "Other ways to sign in" link on the login page

The second is accomplished by checking if a GET parameter (others) is provided when SSO is enabled, and if it is not, overriding the Wagtail login page's login_form and submit_buttons blocks.

How to test this PR

  • Test without SSO enabled and ensure the login form displays correctly as usual, and the "Forgot password" link is available.

  • Set the SSO environment variables listed in .env_SAMPLE. A test OIDC provider is not required for the login page to show the SSO button, and for the functionality of the "Other ways to sign in" link to be tested, but the values have to be defined for the site to run.

  • Visit https://localhost:8000/admin

  • Observe the username/password form is not displayed

  • Click the "Other ways to sign in" link

  • Observe the username/password form is displayed

  • Observe that the "Forgot password" link is not shown

Screenshots

SSO form with others link

Checklist

  • PR has an informative and human-readable title
  • Changes are limited to a single goal (no scope creep)

@willbarton
Disable password reset and remove override template
ba37ec6 
This change removes our custom password reset override template and disables password reset when SSO is enabled.
@willbarton
Move the SSO button to top and hide login fields
a15ffc2 
This change moves our SSO button to the top and hides login fields behind an "Other ways to sign in" link if SSO is enabled.
@willbarton willbarton added this pull request to the merge queue Jun 12, 2024
Merged via the queue into main with commit 90db013 Jun 12, 2024
11 of 12 checks passed
@willbarton willbarton deleted the sso/disable-password-reset branch June 12, 2024 19:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@csebianlander csebianlander csebianlander approved these changes

@chosak chosak Awaiting requested review from chosak

@anselmbradford anselmbradford Awaiting requested review from anselmbradford

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@willbarton @csebianlander