Add setting to disable user features when user login type is not plain (#29615)

- Adds setting `EXTERNAL_USER_DISABLE_FEATURES` to disable any supported user features when login type is not plain - In general, this is necessary for SSO implementations to avoid inconsistencies between the external account management and the linked account - Adds helper functions to encourage correct use (cherry picked from commit 59d4aadba5c15d02f3b9f0e61abb7476870c20a5) Conflicts: - docs/content/administration/config-cheat-sheet.en-us.md Removed. - modules/setting/admin.go Trivial resolution: pick the newly added struct member.
2024-03-29 11:05:41 -04:00 · 2024-03-29 11:05:41 -04:00 · e08f05b069
commit e08f05b069
parent ee33869f84
8 changed files with 77 additions and 13 deletions
--- a/modules/setting/admin.go
+++ b/modules/setting/admin.go
@ -3,7 +3,9 @@

 package setting

-import "code.gitea.io/gitea/modules/container"
+import (
+	"code.gitea.io/gitea/modules/container"
+)

 // Admin settings
 var Admin struct {
@ -11,6 +13,7 @@ var Admin struct {
 	DefaultEmailNotification       string
 	SendNotificationEmailOnNewUser bool
 	UserDisabledFeatures           container.Set[string]
+	ExternalUserDisableFeatures    container.Set[string]
 }

 func loadAdminFrom(rootCfg ConfigProvider) {
@ -18,6 +21,7 @@ func loadAdminFrom(rootCfg ConfigProvider) {
 	Admin.DisableRegularOrgCreation = sec.Key("DISABLE_REGULAR_ORG_CREATION").MustBool(false)
 	Admin.DefaultEmailNotification = sec.Key("DEFAULT_EMAIL_NOTIFICATIONS").MustString("enabled")
 	Admin.UserDisabledFeatures = container.SetOf(sec.Key("USER_DISABLED_FEATURES").Strings(",")...)
+	Admin.ExternalUserDisableFeatures = container.SetOf(sec.Key("EXTERNAL_USER_DISABLE_FEATURES").Strings(",")...)
 }

 const (