OIDC-only sign-in, Vereinfacht connection test, locale defaults, and settings/docs cleanup #445

Merged
moritz merged 17 commits from feature/settings into main 2026-02-24 15:51:51 +01:00
OIDC-only sign-in, Vereinfacht connection test, locale defaults, and settings/docs cleanup

Description of the implemented changes

The changes were:

  • [ ] Bugfixing
  • [x] New Feature
  • [ ] Breaking Change
  • [x] Refactoring

Add an “OIDC-only” sign-in option (ENV + DB) so the login page can show only the Single Sign-On button when OIDC is fully configured; add a Vereinfacht connection test button in global settings; harden OIDC when not configured (no defaults in dev, MissingSecret instead of crashes); set default locale to German in dev/prod and English in test; document OIDC_ONLY and add German translations.

What has been changed?

  • Vereinfacht integration: Connection test button in global Settings to verify Vereinfacht API URL, API Key and Club ID; test result (success/error) shown in the UI.
  • Migration: New boolean column oidc_only on the settings table.
  • Setting schema: New attribute oidc_only (boolean, default false) in Mv.Membership.Setting, included in OIDC-related attribute lists.
  • Config: oidc_configured?/0 (true only when client_id, base_url, redirect_uri and client_secret are set); oidc_only?/0 (ENV OIDC_ONLY first, then Settings); oidc_only_env_set?/0 and helpers for ENV-vs-settings booleans.
  • Secrets: OIDC secret callbacks return {:error, MissingSecret} when a value is nil/blank instead of {:ok, nil} to avoid crashes (e.g. URI.new(nil)).
  • GlobalSettingsLive: Checkbox “Only OIDC sign-in (hide password login)” with help text, disabled when ENV sets OIDC_ONLY or when OIDC is not fully configured; merge of OIDC ENV values into the form (read-only when set via ENV), including oidc_only when OIDC_ONLY is set.
  • Sign-in page: Custom SignInLive (router live_view override) with data-oidc-configured and data-oidc-only; CSS to hide SSO when OIDC not configured and to hide password form when OIDC-only; auth overrides for translatable “or” divider (German “oder”).
  • Locale: Default locale German in dev/prod, English in test via config :mv, :default_locale, "en"; LiveUserAuth and router fallback_locale/1 use config; LocaleController validates supported locales only.
  • Dev config: OIDC defaults in config/dev.exs commented out so SSO is hidden when OIDC is not configured.
  • Docs and .env.example: OIDC_ONLY documented in docs/admin-bootstrap-and-oidc-role-sync.md; .env.example updated with commented OIDC_ONLY and short description.
  • Gettext: New/updated strings and German translations for OIDC-only labels and auth “or”/“oder”; corrected “From OIDC_ONLY” translation.
  • Tests: Auth controller tests accept both English and German sign-in/error messages; formatting fixes.

Definition of Done

Code Quality

  • [x] No new technical debt introduced
  • [x] Linting passed (just ci-dev)
  • [x] Documentation added where needed (OIDC_ONLY in docs and .env.example; config/setting descriptions)

Accessibility

  • [x] New elements use appropriate HTML (checkbox, labels, buttons, form structure)
  • [x] Colour contrast unchanged
  • [x] Aria labels where needed
  • [x] Keyboard and tab order unchanged
  • [x] Focus styling unchanged (DaisyUI)

Testing

  • [x] New behaviour covered by existing flows (sign-in, settings, auth controller tests)
  • [x] All tests pass (just ci-dev)
  • [ ] axe-core dev tools (suggest manual check on sign-in and settings)

Additional Notes

  • Run migration for oidc_only: mix ecto.migrate.
  • Backward compatible: without OIDC_ONLY set, behaviour unchanged.
  • Locale: default language German in dev/prod; tests use English via config :mv, :default_locale, "en".
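
The Config and Secrets behaviour listed in the description above, as an added sketch that is not part of the pull request and is not the project's code: ENV-over-DB resolution, the fail-closed secret lookup, and a gate that hides the password form only when OIDC is fully configured. The module name, the `env`/`settings` map arguments, every ENV variable name other than `OIDC_ONLY`, the accepted truthy strings and the `:missing_secret` atom are assumptions.

```elixir
defmodule OidcConfigSketch do
  # Hypothetical sketch; not the project's Config or Secrets modules.
  @required [:client_id, :base_url, :redirect_uri, :client_secret]
  defp blank?(nil), do: true
  defp blank?(v) when is_binary(v), do: String.trim(v) == ""
  defp blank?(_), do: false

  # ENV overrides DB. Variable names other than OIDC_ONLY are assumed.
  def value(key, env, settings) do
    env_val = Map.get(env, "OIDC_" <> String.upcase(Atom.to_string(key)))
    if blank?(env_val), do: Map.get(settings, key), else: env_val
  end

  # Fail closed: nil/blank is an error, never {:ok, nil}.
  # :missing_secret stands in for the MissingSecret error named in the PR.
  def secret(key, env, settings) do
    v = value(key, env, settings)
    if blank?(v), do: {:error, :missing_secret}, else: {:ok, v}
  end

  def oidc_configured?(env, settings) do
    Enum.all?(@required, fn key -> match?({:ok, _}, secret(key, env, settings)) end)
  end
  def oidc_only_env_set?(env), do: not blank?(Map.get(env, "OIDC_ONLY"))

  # ENV OIDC_ONLY first, then Settings. Accepted truthy strings are assumed.
  def oidc_only?(env, settings) do
    if oidc_only_env_set?(env) do
      String.downcase(String.trim(env["OIDC_ONLY"])) in ["true", "1"]
    else
      Map.get(settings, :oidc_only, false) == true
    end
  end

  # Hide the password form only when SSO can actually complete.
  def hide_password_form?(env, settings) do
    oidc_only?(env, settings) and oidc_configured?(env, settings)
  end
end

# Constructed sample inputs.
db = %{client_id: "mv", base_url: "https://idp.example.test",
       redirect_uri: "https://mv.example.test/auth/callback", oidc_only: true}
for env <- [%{"OIDC_CLIENT_SECRET" => " "},
            %{"OIDC_CLIENT_SECRET" => "placeholder"},
            %{"OIDC_CLIENT_SECRET" => "placeholder", "OIDC_ONLY" => "false"}] do
  IO.inspect({OidcConfigSketch.secret(:client_secret, env, db),
              OidcConfigSketch.hide_password_form?(env, db)}, label: inspect(env))
end
```

In the first sample the whitespace-only secret is treated as missing, so the password form stays visible even though the stored `oidc_only` flag is true, which avoids a sign-in page with no working login method.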
moritz self-assigned this 2026-02-24 15:18:09 +01:00
moritz added 14 commits 2026-02-24 15:18:10 +01:00
- Add oidc_* attributes to Setting, migration and Config helpers
- Secrets and OidcRoleSyncConfig read from Config (ENV overrides DB)
- GlobalSettingsLive: OIDC section with disabled fields when ENV set
- OIDC role sync tests use DataCase for DB access
- Add /admin/datafields (DatafieldsLive) for member and custom field config
- Remove Memberdata block from GlobalSettingsLive
- Router: drop /membership_fee_types, add new_fee_type and edit_fee_type under membership_fee_settings
- MembershipFeeSettingsLive: fee types table, collapsible examples; Index links updated
- PagePaths: admin_datafields, admin_import; remove membership_fee_types
- Sidebar: order and labels (Basic settings, Datafields, Membership fee settings, Import, Users, Roles)
- Gettext: German translations for sidebar and OIDC
- Tests: datafields and fee routes, permission and form tests updated
Tests: accept DE or EN in auth controller sign-in and error assertions
All checks were successful
continuous-integration/drone/push Build is passing
951d01dc4d
moritz added this to the Sprint 13: 19.02-26.02 project 2026-02-24 15:18:11 +01:00
moritz added 2 commits 2026-02-24 15:42:43 +01:00
moritz changed title from WIP: OIDC-only sign-in, Vereinfacht connection test, locale defaults, and settings/docs cleanup to OIDC-only sign-in, Vereinfacht connection test, locale defaults, and settings/docs cleanup 2026-02-24 15:48:02 +01:00
moritz added 1 commit 2026-02-24 15:50:59 +01:00
Fix DE translations: Groups claim, Member fields, Save OIDC Settings; remove fuzzy
Some checks reported errors
continuous-integration/drone/push Build was killed
eec1451743
moritz merged commit d060486d0d into main 2026-02-24 15:51:51 +01:00
moritz deleted branch feature/settings 2026-02-24 15:51:52 +01:00