Add setting to disable user features when user login type is not plain (#29615)

## Changes - Adds setting `EXTERNAL_USER_DISABLE_FEATURES` to disable any supported user features when login type is not plain - In general, this is necessary for SSO implementations to avoid inconsistencies between the external account management and the linked account - Adds helper functions to encourage correct use
2024-03-29 11:05:41 -04:00 · 2024-03-29 11:05:41 -04:00 · 59d4aadba5
commit 59d4aadba5
parent 849eee8db7
9 changed files with 84 additions and 16 deletions
--- a/routers/api/v1/user/gpg_key.go
+++ b/routers/api/v1/user/gpg_key.go
@ -10,6 +10,7 @@ import (

 	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/web"
@ -133,7 +134,7 @@ func GetGPGKey(ctx *context.APIContext) {

 // CreateUserGPGKey creates new GPG key to given user by ID.
 func CreateUserGPGKey(ctx *context.APIContext, form api.CreateGPGKeyOption, uid int64) {
-	if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageGPGKeys) {
+	if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) {
 		ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited"))
 		return
 	}
@ -274,7 +275,7 @@ func DeleteGPGKey(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"

-	if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageGPGKeys) {
+	if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) {
 		ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited"))
 		return
 	}