[Q] Tutorial to enable GitLab/GitHub OAuth while keeping PUBLIC_REGISTER_ENABLED=False #67

Closed
LouisSung opened this issue Mar 9, 2022 · 1 comment
Labels
question Further information is requested


LouisSung commented Mar 9, 2022

TL;DR

  1. Mount your own config.py, with #L151 updated, to override /taiga-back/settings/config.py (container taiga-back)

    # [taiga-back]docker/config.py#L151
    
    # if PUBLIC_REGISTER_ENABLED and ENABLE_GITLAB_AUTH: ❌
    if ENABLE_GITLAB_AUTH: # ✅
  2. Mount your own config_env_subst.sh, with #L25 updated, to override /docker-entrypoint.d/30_config_env_subst.sh (container taiga-front)
    Note that the sed here is to update the condition check (see 2.i below) in the compiled dist app.js at taiga-back@6.5.1 (i.e., v-1643209941013)

    # [taiga-front]docker/config_env_subst.sh#L25
    
    sed -i 's/return e.get("publicRegisterEnabled")/return true/' /usr/share/nginx/html/v-1643209941013/js/app.js #
    # if [ ${PUBLIC_REGISTER_ENABLED} == "true" ]; then ❌
    if true; then #
  3. (Optional) To disable the default login form, mount your own conf.json, with #L13 updated, to override /usr/share/nginx/html/conf.json.template (container taiga-front)

        "defaultLoginEnabled": false,

Background

According to #15 and README.md@6.5.0, GitLab OAuth requires PUBLIC_REGISTER_ENABLED=True to be set.
However, it's dangerous to keep public registration enabled, as one can register with random data and get access to your Taiga instance.

Therefore I spent some time surveying how to make a minimal modification that keeps PUBLIC_REGISTER_ENABLED=False with GitLab (or GitHub) OAuth enabled.


Root Cause

  1. By setting PUBLIC_REGISTER_ENABLED=False for taiga-back:

    1. the INSTALLED_APPS += [ "taiga_contrib_github_auth"] is skipped, which leads to the invalid login type error being raised.
      • Fixed with config.py
  2. By setting PUBLIC_REGISTER_ENABLED=false for taiga-front:

    1. the templateFn returns "" due to if not publicRegisterEnabled, which leads to the button being hidden
      • Fixed with sed -i, which forces the condition to become true?():"" so that it never returns an empty string
    2. the contribs+=('"plugins/gitlab-auth/gitlab-auth.json"') is skipped, which leads to the login button not being shown even when 2.1 is adopted
      • Fixed with 30_config_env_subst.sh

Expected Result

  1. PUBLIC_REGISTER_ENABLED=false and PUBLIC_REGISTER_ENABLED=False (the taiga-back MUST be False)

  2. Only the Login button is shown

  3. The Register page should not be found when PUBLIC_REGISTER_ENABLED=false

  4. Public registration should FAIL when PUBLIC_REGISTER_ENABLED=true but PUBLIC_REGISTER_ENABLED=False


Note That

  1. EVERY user from the GitLab instance can STILL register a new account, as the (non-public) registration is NOT blocked!!

  2. Any change to taiga-front configs auto-generated from the template requires 1. the container to be reset / removed & recreated and 2. the page to be reloaded using Clear Cache and Hard Reload mode!!

@LouisSung LouisSung added the question Further information is requested label Mar 9, 2022
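
An added example, not part of the original post or the Taiga project: the sed in step 2 edits minified code under a build-specific directory (v-1643209941013), so after an image upgrade the substitution may no longer apply and the login button stays hidden. The sketch below applies the same substitution only when the literal occurs exactly once in exactly one build directory and reports otherwise; the function names, return codes and sample tree are assumptions.

```shell
#!/bin/sh
# Added example (not from the issue): guarded version of the step 2 sed.
# PATTERN is the literal that the post's sed targets in the compiled app.js.
PATTERN='return e.get("publicRegisterEnabled")'

# patch_register_check WEBROOT
#   0 = patched and verified
#   1 = not exactly one v-*/js/app.js under WEBROOT (build id missing or ambiguous)
#   2 = PATTERN does not occur exactly once (minified code differs); file untouched
#   3 = rewrite failed or PATTERN still present afterwards
patch_register_check() {
    set -- "$1"/v-*/js/app.js
    if [ "$#" -ne 1 ] || [ ! -f "$1" ]; then
        echo "patch: expected exactly one v-*/js/app.js" >&2
        return 1
    fi
    app_js=$1
    # grep -F counts literal occurrences; no match yields 0, not an error.
    count=$(grep -oF "$PATTERN" "$app_js" | wc -l | tr -d ' ')
    if [ "$count" -ne 1 ]; then
        echo "patch: pattern found $count times in $app_js, refusing" >&2
        return 2
    fi
    # Same substitution as the post, with the dot escaped so it stays literal.
    # Written through a temp file instead of sed -i for portability.
    sed 's/return e\.get("publicRegisterEnabled")/return true/' "$app_js" \
        > "$app_js.tmp" && mv "$app_js.tmp" "$app_js" || return 3
    if grep -qF "$PATTERN" "$app_js"; then
        return 3
    fi
    return 0
}

# Constructed sample tree standing in for /usr/share/nginx/html.
# $1 = build directory name, $2 = content of js/app.js
make_sample_webroot() {
    root=$(mktemp -d)
    mkdir -p "$root/$1/js"
    printf '%s\n' "$2" > "$root/$1/js/app.js"
    echo "$root"
}

# Demo on constructed input (placeholder build id, made-up minified line).
root=$(make_sample_webroot v-0000000000000 \
    'function t(e){return e.get("publicRegisterEnabled")?a():""}')
patch_register_check "$root" && cat "$root"/v-*/js/app.js
rm -rf "$root"
```

In an entrypoint script, a non-zero return can be used to stop the container start so that a skipped patch is noticed before users see a page without the OAuth button.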
@LouisSung
Author

closed as not a real question but a tutorial instead

@LouisSung LouisSung changed the title [Q] Tutorial to enable GitLab/GitHub OAuth while keeping PUBLIC_REGISTER_ENABLED=False [Q] Tutorial to enable GitLab/GitHub OAuth while keeping PUBLIC_REGISTER_ENABLED=False Mar 20, 2022