diff --git a/lib/config.ts b/lib/config.ts
index f9b1f33..1d44fef 100644
--- a/lib/config.ts
+++ b/lib/config.ts
@@ -16,6 +16,7 @@ export class AppConfig {
       allowedCookieDomains: [],
       skipCookieDomainSecurity: false,
       enableSingleSignOn: false,
+      enableSingleSignOnSignUp: false,
       singleSignOnUrl: '',
       singleSignOnEmailAttribute: 'email',
       singleSignOnScopes: ['openid', 'email'],
@@ -117,11 +118,10 @@ export class AppConfig {
     return this.config;
   }
-  static async isSignupAllowed(): Promise {
+  static async isSignupAllowed(sso: boolean=false): Promise {
     await this.loadConfig();
-    const areSignupsAllowed = this.config.auth.allowSignups;
-
+    const areSignupsAllowed = (sso) ? this.config.auth.enableSingleSignOnSignUp : this.config.auth.allowSignups;
     const areThereAdmins = await UserModel.isThereAnAdmin();
     if (areSignupsAllowed || !areThereAdmins) {
diff --git a/lib/models/oidc.ts b/lib/models/oidc.ts
index 3010aef..f9b7d68 100644
--- a/lib/models/oidc.ts
+++ b/lib/models/oidc.ts
@@ -169,7 +169,7 @@ export class OidcModel {
       throw new Error(`Missing user/${emailAttribute}`);
     }
-    const isSignupAllowed = await AppConfig.isSignupAllowed();
+    const isSignupAllowed = await AppConfig.isSignupAllowed(true);
     const isThereAnAdmin = await UserModel.isThereAnAdmin();
     // Confirm the user exists (or signup if allowed)
diff --git a/lib/types.ts b/lib/types.ts
index 65961d1..f8805be 100644
--- a/lib/types.ts
+++ b/lib/types.ts
@@ -159,6 +159,8 @@ export interface Config {
   skipCookieDomainSecurity: boolean;
   /** If true, single sign-on will be enabled */
   enableSingleSignOn: boolean;
+  /** If true, single sign-on signups will be enabled overriding allowSignups */
+  enableSingleSignOnSignUp: boolean;
   /** The Discovery URL (AKA Issuer) of the identity/single sign-on provider */
   singleSignOnUrl: string;
   /** The attribute to prefer as email of the identity/single sign-on provider */
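Review bot: The ternary in isSignupAllowed makes `enableSingleSignOnSignUp` the sole gate for SSO signups, so an existing deployment running with `allowSignups: true` and SSO enabled will stop accepting SSO signups after upgrading, because the new flag defaults to `false` in the first hunk of this file; if that tightening is intended it belongs in the changelog and in the flag's doc comment in lib/types.ts, otherwise the permissive reading would be `sso ? (this.config.auth.enableSingleSignOnSignUp || this.config.auth.allowSignups) : this.config.auth.allowSignups`. The `|| !areThereAdmins` bootstrap exception still applies on the SSO path, so the first SSO login on an instance with no admin appears to be able to create an account regardless of either flag; a comment such as `// Bootstrap: when no admin exists yet, the first account may be created by any signup path, including SSO` would make that deliberate. Style: `sso: boolean=false` should be `sso: boolean = false`, the parentheses around `sso` in the ternary are redundant, and the return type reads as a bare `Promise` here, which is likely `Promise<boolean>` lost in rendering but worth confirming. isSignupAllowed's body continues past the end of the hunk.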
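Review bot: The bare `true` passed to `AppConfig.isSignupAllowed(true)` is opaque at the call site; since the parameter is a behavior-selecting boolean, a named argument shape such as `isSignupAllowed({ sso: true })` or a dedicated `AppConfig.isSsoSignupAllowed()` would document the intent where it is read. `UserModel.isThereAnAdmin()` is also evaluated twice on this path, once inside isSignupAllowed and again on the next line, so the two results could in principle disagree if an admin is created in between; if that matters, consider having isSignupAllowed expose the value it already fetched. The enclosing method starts and ends outside the hunk.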
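Review bot: The doc comment on `enableSingleSignOnSignUp` describes only the permissive direction, but with the lib/config.ts change this flag is the only value consulted for SSO signups, so a `false` value blocks them even when `allowSignups` is `true`. Suggest `/** If true, signups via single sign-on are allowed regardless of allowSignups; if false, SSO signups are blocked even when allowSignups is true (the no-admin bootstrap exception still applies) */`. It would also help to state whether the flag has any effect when `enableSingleSignOn` is `false`, which the diff does not show.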