feat(account): add operator controls for sign-up and guest login#10949
Open
MichaelUray wants to merge 6 commits into
Open
feat(account): add operator controls for sign-up and guest login#10949MichaelUray wants to merge 6 commits into
MichaelUray wants to merge 6 commits into
Conversation
…inCapabilities When DISABLE_SIGNUP=true on the account service, the signUp and signUpOtp operations throw Forbidden — preventing manual sign-ups even via direct API calls, not just hiding the UI tab. When DISABLE_GUEST_LOGIN=true, the loginAsGuest operation throws Forbidden without touching the database. Combined with the existing AccountNotFound branch (no guest person row), the guest login is fully controllable via env or DB state. A new getLoginCapabilities operation lets the client query both flags so the UI can hide the corresponding affordances. It reports signUpEnabled (false iff DISABLE_SIGNUP=true) and guestLoginAvailable (false iff DISABLE_GUEST_LOGIN=true OR no read-only guest person row exists). The client RPC stub is added to AccountClient as well. Signed-off-by: Michael Uray <michael.uray@gmail.com> Signed-off-by: Michael Uray <michaeluray@users.noreply.github.com>
…lities
LoginForm now queries getLoginCapabilities on mount and uses the result
to gate two UI affordances:
- effectiveSignUpDisabled OR-s the existing signUpDisabled prop with
!signUpEnabled from the server, so the Sign Up tab disappears when
the account service reports sign-up disabled (DISABLE_SIGNUP=true).
- The "Continue as guest" button is rendered only when
guestLoginAvailable is true, which the server reports as false when
either DISABLE_GUEST_LOGIN=true or the read-only guest person row is
not present in the DB.
fetchLoginCapabilities returns { signUpEnabled: true,
guestLoginAvailable: true } on any RPC error to keep both controls
visible when talking to older account services without the endpoint.
Signed-off-by: Michael Uray <michael.uray@gmail.com>
Signed-off-by: Michael Uray <michaeluray@users.noreply.github.com>
…in-capabilities Signed-off-by: Michael Uray <michaeluray@users.noreply.github.com>
Signed-off-by: Michael Uray <michaeluray@users.noreply.github.com>
|
Connected to Huly®: UBERF-16600 |
…ilities-disable-signup-guest Signed-off-by: Michael Uray <michaeluray@users.noreply.github.com>
…DB probing (L-AUTH-1) getLoginCapabilities ist unauthenticated und traf pro anonymem Aufruf die DB (db.person.findOne auf den Guest-Account) -> Existenz-Probing + DB-Last. Guest-Person-Zustand aendert sich praktisch nie: Ergebnis jetzt mit 60s-TTL modul-lokal gecacht. resetGuestPersonCache() fuer Tests/Ops. Signed-off-by: Michael Uray <michaeluray@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two opt-in operator env vars to gate self-service authentication paths that some deployments deliberately don't expose:
DISABLE_SIGNUP=trueon the account service — keeps the existing method-registry hiding forsignUp/signUpOtp, and adds an earlyForbiddenguard if those operations are invoked directly.DISABLE_GUEST_LOGIN=trueon the account service —loginAsGuestrejects withForbiddenbefore the existingAccountNotFoundlookup.A new
getLoginCapabilitiesaccount operation exposes both states (plus an availability check for the read-only-guest DB row) so the login UI can hide the corresponding affordances cleanly instead of letting users click into a backend error.Why
DISABLE_SIGNUPenv that hides the Sign Up tab via login metadata. This PR adds the matching server-side enforcement so direct API callers can't bypass it.AccountNotFound.Behaviour matrix
signUploginAsGuestDISABLE_SIGNUP=true403 ForbiddenDISABLE_GUEST_LOGIN=true403 ForbiddenDefault behaviour (neither env set) is identical to today — single-host / open-signup deployments need no action.
What's added
Server (
server/account)signUp,signUpOtp: existing method-registry hiding remains whenDISABLE_SIGNUP=true; direct operation calls now returnForbiddenbefore DB access.loginAsGuest: earlyForbiddenguard whenDISABLE_GUEST_LOGIN=true. The pre-existingAccountNotFoundpath remains for the DB-row-missing case.getLoginCapabilitiesoperation: returns{ signUpEnabled, guestLoginAvailable }.guestLoginAvailableistrueonly when (a) the env var is not set, and (b) the read-only-guest person row exists inglobal_account.person.Account client (
packages/account-client)AccountClient.getLoginCapabilities()method added.Login UI (
plugins/login-resources)LoginForm.sveltefetches capabilities on mount, hides the Sign Up tab + guest button accordingly.Security / compatibility
getLoginCapabilitiesonly exposes minimal unauthenticated booleans needed by the login page.Out of scope
hasSignUp/getMethods()registry behaviour is preserved. The new in-operation guard keeps direct callers consistent with the advertised disabled state.Tests / verification
server/accountjest: 180 / 180 pass inoperations.test.ts+serviceOperations.test.ts(filtered run; full suite has pre-existing CockroachDB-infra failures inpostgres-real.test.tsunrelated to this PR).plugins/login-resourcesjest: 7 / 7 pass (existing suites, UI changes covered by visual review).DCO
Both commits are Signed-off-by Michael Uray. Maintainer edits are enabled.