feat: handle disabled auth strategies

server/db/migrations/2.5.1.js

@@ -1,9 +1,15 @@
 exports.up = async knex => {
-  await knex('authentication').where('isEnabled', false).del()
+  // Check for users using disabled strategies
+  const disabledStrategies = await knex('authentication').where('isEnabled', false)
+  const incompatibleUsers = await knex('users').distinct('providerKey').whereIn('providerKey', disabledStrategies.map(s => s.key))
+  const protectedStrategies = (incompatibleUsers && incompatibleUsers.length > 0) ? incompatibleUsers.map(u => u.providerKey) : []
 
+  // Delete disabled strategies
+  await knex('authentication').whereNotIn('key', protectedStrategies).andWhere('isEnabled', false).del()
+
+  // Update table schema
   await knex.schema
     .alterTable('authentication', table => {
-      table.dropColumn('isEnabled')
       table.integer('order').unsigned().notNullable().defaultTo(0)
       table.string('strategyKey').notNullable().defaultTo('')
       table.string('displayName').notNullable().defaultTo('')

server/db/migrations/2.5.108.js

@@ -0,0 +1,14 @@
+const has = require('lodash/has')
+
+exports.up = async knex => {
+  // -> Fix 2.5.1 added isEnabled columns for beta users
+  const localStrategy = await knex('authentication').where('key', 'local')
+  if (!has(localStrategy, 'isEnabled')) {
+    await knex.schema
+      .alterTable('authentication', table => {
+        table.boolean('isEnabled').notNullable().defaultTo(true)
+      })
+  }
+}
+
+exports.down = knex => { }

server/graph/resolvers/authentication.js

@@ -70,7 +70,7 @@ module.exports = {
           }, []), 'key')
         }
       })
-      return strategies
+      return args.enabledOnly ? _.filter(strategies, 'isEnabled') : strategies
     }
   },
   AuthenticationMutation: {
@@ -199,18 +199,12 @@ module.exports = {
      */
     async updateStrategies (obj, args, context) {
       try {
-        // WIKI.config.auth = {
-        //   audience: _.get(args, 'config.audience', WIKI.config.auth.audience),
-        //   tokenExpiration: _.get(args, 'config.tokenExpiration', WIKI.config.auth.tokenExpiration),
-        //   tokenRenewal: _.get(args, 'config.tokenRenewal', WIKI.config.auth.tokenRenewal)
-        // }
-        // await WIKI.configSvc.saveToDb(['auth'])
-
         const previousStrategies = await WIKI.models.authentication.getStrategies()
         for (const str of args.strategies) {
           const newStr = {
             displayName: str.displayName,
             order: str.order,
+            isEnabled: str.isEnabled,
             config: _.reduce(str.config, (result, value, key) => {
               _.set(result, `${value.key}`, _.get(JSON.parse(value.value), 'v', null))
               return result

server/graph/schemas/authentication.graphql

@@ -20,7 +20,10 @@ type AuthenticationQuery {
   apiState: Boolean! @auth(requires: ["manage:system", "manage:api"])
 
   strategies: [AuthenticationStrategy] @auth(requires: ["manage:system"])
-  activeStrategies: [AuthenticationActiveStrategy]
+
+  activeStrategies(
+    enabledOnly: Boolean
+  ): [AuthenticationActiveStrategy]
 }
 
 # -----------------------------------------------
@@ -102,6 +105,7 @@ type AuthenticationActiveStrategy {
   strategy: AuthenticationStrategy!
   displayName: String!
   order: Int!
+  isEnabled: Boolean!
   config: [KeyValuePair] @auth(requires: ["manage:system"])
   selfRegistration: Boolean!
   domainWhitelist: [String]! @auth(requires: ["manage:system"])
@@ -130,6 +134,7 @@ input AuthenticationStrategyInput {
   config: [KeyValuePairInput]
   displayName: String!
   order: Int!
+  isEnabled: Boolean!
   selfRegistration: Boolean!
   domainWhitelist: [String]!
   autoEnrollGroups: [Int]!

server/models/users.js

@@ -277,6 +277,10 @@ module.exports = class User extends Model {
   static async login (opts, context) {
     if (_.has(WIKI.auth.strategies, opts.strategy)) {
       const selStrategy = _.get(WIKI.auth.strategies, opts.strategy)
+      if (!selStrategy.isEnabled) {
+        throw new WIKI.Error.AuthProviderInvalid()
+      }
+
       const strInfo = _.find(WIKI.data.authentication, ['key', selStrategy.strategyKey])
 
       // Inject form user/pass