feat: TICKET 0009388: Allow to force authentication to SSO (#382)

Co-authored-by: atisne <aurelien.tisne@cs-soprasteria.com>

Author: atisne

config.inc.php

@@ -522,6 +522,9 @@
 //$tlCfg->authentication['SSO_uid_field'] = 'REMOTE_USER';
 //$tlCfg->authentication['SSO_user_target_dbfield'] = 'email';
 
+// Allow to restrict authentication to SSO
+$tlCfg->authentication['sso_only'] = false;
+
 
 /**
  * LDAP authentication credentials, Multiple LDAP Servers can be used. 

gui/templates/dashio/login/login-model-marcobiedermann.tpl

@@ -49,6 +49,7 @@
             <input type="hidden" name="ssodisable" value="{$gui->ssodisable}"/>
             {/if}
 
+            {if ! $gui->authCfg['sso_only']}
             <div class="form__field">
               <label for="tl_login"><i class="fa fa-user"></i></label>
               <input maxlength="{#LOGIN_MAXLEN#}" name="tl_login" id="tl_login" type="text" class="form__input" placeholder="{$labels.login_name}" required>
@@ -62,6 +63,7 @@
             <div class="form__field">
               <input id="tl_login_button" type="submit" value="{$labels.btn_login}">
             </div>
+            {/if}
 
             {foreach from=$gui->oauth item=oauth_item}
                 <div class="button">

gui/templates/tl-classic/login/login-model-marcobiedermann.tpl

@@ -49,6 +49,7 @@
             <input type="hidden" name="ssodisable" value="{$gui->ssodisable}"/>
             {/if}
 
+            {if ! $gui->authCfg['sso_only']}
             <div class="form__field">
               <label for="tl_login"><i class="fa fa-user"></i></label>
               <input maxlength="{#LOGIN_MAXLEN#}" name="tl_login" id="tl_login" type="text" class="form__input" placeholder="{$labels.login_name}" required>
@@ -62,6 +63,7 @@
             <div class="form__field">
               <input id="tl_login_button" type="submit" value="{$labels.btn_login}">
             </div>
+            {/if}
 
             {foreach from=$gui->oauth item=oauth_item}
                 <div class="button">

login.php

@@ -246,13 +246,17 @@ function init_gui(&$db,$args) {
     }
   }
 
-  $gui->external_password_mgmt = false;
-  $domain = $gui->authCfg['domain'];
-  $mm = $gui->authCfg['method'];
-  if( isset($domain[$mm]) ) {
-    $ac = $domain[$mm];
-    $gui->external_password_mgmt = !$ac['allowPasswordManagement'];
-  }  
+  if (isset($gui->authCfg['sso_only']) && $gui->authCfg['sso_only']) {
+    $gui->external_password_mgmt = true;
+  } else {
+    $gui->external_password_mgmt = false;
+    $domain = $gui->authCfg['domain'];
+    $mm = $gui->authCfg['method'];
+    if( isset($domain[$mm]) ) {
+      $ac = $domain[$mm];
+      $gui->external_password_mgmt = !$ac['allowPasswordManagement'];
+    }
+  }
 
   $gui->login_disabled = (('LDAP' == $gui->authCfg['method']) && !checkForLDAPExtension()) ? 1 : 0;