diff --git a/lib/mv_web/live/global_settings_live.ex b/lib/mv_web/live/global_settings_live.ex
index b67b6ac..a55edf6 100644
--- a/lib/mv_web/live/global_settings_live.ex
+++ b/lib/mv_web/live/global_settings_live.ex
@@ -58,6 +58,8 @@ defmodule MvWeb.GlobalSettingsLive do
 |> assign(:oidc_client_secret_env_set, Mv.Config.oidc_client_secret_env_set?())
 |> assign(:oidc_admin_group_name_env_set, Mv.Config.oidc_admin_group_name_env_set?())
 |> assign(:oidc_groups_claim_env_set, Mv.Config.oidc_groups_claim_env_set?())
+ |> assign(:oidc_only_env_set, Mv.Config.oidc_only_env_set?())
+ |> assign(:oidc_configured, Mv.Config.oidc_configured?())
 |> assign(:oidc_client_secret_set, present?(settings.oidc_client_secret))
 |> assign_form()
@@ -293,12 +295,36 @@ defmodule MvWeb.GlobalSettingsLive do
 ) } />
+
+ +

+ {gettext( + "When enabled and OIDC is configured, the sign-in page shows only the Single Sign-On button." + )} +

+
<.button :if={ not (@oidc_client_id_env_set and @oidc_base_url_env_set and @oidc_redirect_uri_env_set and @oidc_client_secret_env_set and
- @oidc_admin_group_name_env_set and @oidc_groups_claim_env_set)
+ @oidc_admin_group_name_env_set and @oidc_groups_claim_env_set and
+ @oidc_only_env_set)
 } phx-disable-with={gettext("Saving...")} variant="primary"
@@ -419,8 +445,17 @@ defmodule MvWeb.GlobalSettingsLive do
 end
 defp assign_form(%{assigns: %{settings: settings}} = socket) do
- # Never put API key / client secret into form/DOM to avoid secret leak
- settings_for_form = %{settings | vereinfacht_api_key: nil, oidc_client_secret: nil}
+ # Show ENV values in disabled fields (Vereinfacht and OIDC); never expose API key / client secret
+ settings_display =
+ settings
+ |> merge_vereinfacht_env_values()
+ |> merge_oidc_env_values()
+
+ settings_for_form = %{
+ settings_display
+ | vereinfacht_api_key: nil,
+ oidc_client_secret: nil
+ }
 form =
 AshPhoenix.Form.for_update(
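Review bot: The help text added in the template hunk (`@@ -293,12 +295,36 @@`) describes `oidc_only` purely as a presentation change ("the sign-in page shows only the Single Sign-On button"), and nothing visible in this diff shows password sign-in being refused on the server when the flag is on. If the setting is meant as an access control rather than a UI preference, hiding the form is not enough, because the password sign-in action stays reachable until it is rejected server-side; that enforcement may live in another file, so this needs confirming. A template comment next to the toggle would record the contract, e.g. `<%!-- oidc_only hides the password form only; server-side enforcement and lockout recovery live in <module> --%>`. The save button's `:if` now chains seven `*_env_set` assigns, so folding them into one assign such as `:all_oidc_env_set` would keep the next ENV flag from being missed there.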
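Review bot: In `assign_form/1` the struct passed on as `settings_for_form` is no longer the persisted record but a copy with ENV values overlaid, and it appears to be what `AshPhoenix.Form.for_update(` receives (the call's arguments lie outside the hunk). The form's baseline can then differ from the database row, so a save might write ENV-derived values back or mask a real change. The `disabled` attribute on the inputs is only a browser-side hint, so the save handler should itself drop params for ENV-controlled keys. Nulling the two secrets after the merge is the right order, and a comment would pin both invariants: `# Display-only overlay: secrets are nulled after the merge; ENV-controlled keys must be ignored on save`.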
@@ -434,6 +469,66 @@ defmodule MvWeb.GlobalSettingsLive do
 assign(socket, form: to_form(form))
 end
+ defp put_if_env_set(map, _key, false, _value), do: map
+ defp put_if_env_set(map, key, true, value), do: Map.put(map, key, value)
+
+ defp merge_vereinfacht_env_values(s) do
+ s
+ |> put_if_env_set(
+ :vereinfacht_api_url,
+ Mv.Config.vereinfacht_api_url_env_set?(),
+ Mv.Config.vereinfacht_api_url()
+ )
+ |> put_if_env_set(
+ :vereinfacht_club_id,
+ Mv.Config.vereinfacht_club_id_env_set?(),
+ Mv.Config.vereinfacht_club_id()
+ )
+ |> put_if_env_set(
+ :vereinfacht_app_url,
+ Mv.Config.vereinfacht_app_url_env_set?(),
+ Mv.Config.vereinfacht_app_url()
+ )
+ end
+
+ defp merge_oidc_env_values(s) do
+ s
+ |> put_if_env_set(
+ :oidc_client_id,
+ Mv.Config.oidc_client_id_env_set?(),
+ Mv.Config.oidc_client_id()
+ )
+ |> put_if_env_set(
+ :oidc_base_url,
+ Mv.Config.oidc_base_url_env_set?(),
+ Mv.Config.oidc_base_url()
+ )
+ |> put_if_env_set(
+ :oidc_redirect_uri,
+ Mv.Config.oidc_redirect_uri_env_set?(),
+ Mv.Config.oidc_redirect_uri()
+ )
+ |> put_if_env_set(
+ :oidc_admin_group_name,
+ Mv.Config.oidc_admin_group_name_env_set?(),
+ Mv.Config.oidc_admin_group_name()
+ )
+ |> put_if_env_set(
+ :oidc_groups_claim,
+ Mv.Config.oidc_groups_claim_env_set?(),
+ Mv.Config.oidc_groups_claim()
+ )
+ |> put_if_oidc_only_env_set()
+ end
+
+ defp put_if_oidc_only_env_set(s) do
+ if Mv.Config.oidc_only_env_set?() do
+ Map.put(s, :oidc_only, Mv.Config.oidc_only?())
+ else
+ s
+ end
+ end
+
 defp enrich_sync_errors([]), do: []
 defp enrich_sync_errors(errors) when is_list(errors) do
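Review bot: `put_if_env_set/4` writes with `Map.put/3`, which silently adds a new key when an atom is misspelled; since `assign_form/1` already updates the same value with `%{settings_display | ...}`, `%{map | key => value}` would fail loudly on an unknown key instead. `put_if_oidc_only_env_set/1` repeats the helper's logic and could be replaced by `|> put_if_env_set(:oidc_only, Mv.Config.oidc_only_env_set?(), Mv.Config.oidc_only?())`. The two clauses match only `true` and `false`, so every `*_env_set?` function has to return a strict boolean or the page raises a `FunctionClauseError`. Because these merge helpers decide which ENV values reach the rendered form, a comment above them such as `# Never merge vereinfacht_api_key or oidc_client_secret here: merged values are shown in the form` would guard against a later addition exposing a secret.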