
add LOCAL_STRATEGY_ENABLED and LOCAL_STRATEGY_USES_ONLY_ENV_VARS_FOR_SOME_OPTIONS

Yuki Takei 6 years ago
parent
commit
879147ccc9

+ 9 - 6
README.md

@@ -185,13 +185,10 @@ Environment Variables
     * BLOCKDIAG_URI: URI to connect to [blockdiag](http://http://blockdiag.com/) server.
 * **Option (Overwritable in admin page)**
     * APP_SITE_URL: Site URL. e.g. `https://example.com`, `https://example.com:8080`
-    * OAUTH_GOOGLE_CLIENT_ID: Google API client id for OAuth login.
-    * OAUTH_GOOGLE_CLIENT_SECRET: Google API client secret for OAuth login.
-    * OAUTH_GITHUB_CLIENT_ID: GitHub API client id for OAuth login.
-    * OAUTH_GITHUB_CLIENT_SECRET: GitHub API client secret for OAuth login.
-    * OAUTH_TWITTER_CONSUMER_KEY: Twitter consumer key(API key) for OAuth login.
-    * OAUTH_TWITTER_CONSUMER_SECRET: Twitter consumer secret(API secret) for OAuth login.
+    * LOCAL_STRATEGY_ENABLED: Enable or disable ID/Pass login
+    * LOCAL_STRATEGY_USES_ONLY_ENV_VARS_FOR_SOME_OPTIONS: Prioritize env vars than values in DB for some ID/Pass login options
     * SAML_ENABLED: Enable or disable SAML
+    * SAML_USES_ONLY_ENV_VARS_FOR_SOME_OPTIONS: Prioritize env vars than values in DB for some SAML options
     * SAML_ENTRY_POINT: IdP entry point
     * SAML_ISSUER: Issuer string to supply to IdP
     * SAML_ATTR_MAPPING_ID: Attribute map for id
@@ -200,6 +197,12 @@ Environment Variables
     * SAML_ATTR_MAPPING_FIRST_NAME: Attribute map for first name
     * SAML_ATTR_MAPPING_LAST_NAME:  Attribute map for last name
     * SAML_CERT: PEM-encoded X.509 signing certificate string to validate the response from IdP
+    * OAUTH_GOOGLE_CLIENT_ID: Google API client id for OAuth login.
+    * OAUTH_GOOGLE_CLIENT_SECRET: Google API client secret for OAuth login.
+    * OAUTH_GITHUB_CLIENT_ID: GitHub API client id for OAuth login.
+    * OAUTH_GITHUB_CLIENT_SECRET: GitHub API client secret for OAuth login.
+    * OAUTH_TWITTER_CONSUMER_KEY: Twitter consumer key(API key) for OAuth login.
+    * OAUTH_TWITTER_CONSUMER_SECRET: Twitter consumer secret(API secret) for OAuth login.
 
 
 Documentation

+ 12 - 0
src/server/service/config-loader.js

@@ -142,6 +142,18 @@ const ENV_VAR_NAME_TO_CONFIG_INFO = {
     type:    TYPES.STRING,
     default: undefined,
   },
+  LOCAL_STRATEGY_ENABLED: {
+    ns:      'crowi',
+    key:     'security:passport-local:isEnabled',
+    type:    TYPES.BOOLEAN,
+    default: true,
+  },
+  LOCAL_STRATEGY_USES_ONLY_ENV_VARS_FOR_SOME_OPTIONS: {
+    ns:      'crowi',
+    key:     'security:passport-local:useOnlyEnvVarsForSomeOptions',
+    type:    TYPES.BOOLEAN,
+    default: false,
+  },
   SAML_USES_ONLY_ENV_VARS_FOR_SOME_OPTIONS: {
     ns:      'crowi',
     key:     'security:passport-saml:useOnlyEnvVarsForSomeOptions',
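Review bot: `LOCAL_STRATEGY_ENABLED` is declared with `default: true`, and nothing on the entry says what that means once `LOCAL_STRATEGY_USES_ONLY_ENV_VARS_FOR_SOME_OPTIONS` is switched on. If the env-only lookup falls back to this default when the variable is unset (the lookup code is not in this hunk, so this is an assumption), a deployment that enables the lock to enforce SSO but omits `LOCAL_STRATEGY_ENABLED=false` would keep ID/Pass login on regardless of what the admin page stored. I would add a comment above the entry such as `// NOTE(review): in env-only mode an unset LOCAL_STRATEGY_ENABLED presumably resolves to this default (true); set it to false explicitly to disable ID/Pass login`. The object literal starts and ends outside the hunk.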

+ 25 - 19
src/server/service/config-manager.js

@@ -1,6 +1,10 @@
 const logger = require('@alias/logger')('growi:service:ConfigManager');
 const ConfigLoader = require('../service/config-loader');
 
+const KEYS_FOR_LOCAL_STRATEGY_USE_ONLY_ENV_OPTION = [
+  'security:passport-local:isEnabled',
+];
+
 const KEYS_FOR_SAML_USE_ONLY_ENV_OPTION = [
   'security:passport-saml:isEnabled',
   'security:passport-saml:entryPoint',
@@ -50,11 +54,11 @@ class ConfigManager {
   getConfig(namespace, key) {
     let value;
 
-    if (this.searchOnlyFromEnvVarConfigs('crowi', 'security:passport-saml:useOnlyEnvVarsForSomeOptions')) {
-      value = this.searchInSAMLUseOnlyEnvMode(namespace, key);
+    if (this.shouldSearchedFromEnvVarsOnly(namespace, key)) {
+      value = this.searchOnlyFromEnvVarConfigs(namespace, key);
     }
     else {
-    value = this.defaultSearch(namespace, key);
+      value = this.defaultSearch(namespace, key);
     }
 
     logger.debug(key, value);
@@ -175,6 +179,24 @@ class ConfigManager {
     this.reloadConfigKeys();
   }
 
+  /**
+   * return whether the specified namespace/key should be retrieved only from env vars
+   */
+  shouldSearchedFromEnvVarsOnly(namespace, key) {
+    return (namespace === 'crowi' && (
+      // local strategy
+      (
+        KEYS_FOR_LOCAL_STRATEGY_USE_ONLY_ENV_OPTION.includes(key)
+        && this.defaultSearch('crowi', 'security:passport-local:useOnlyEnvVarsForSomeOptions')
+      )
+      // saml strategy
+      || (
+        KEYS_FOR_SAML_USE_ONLY_ENV_OPTION.includes(key)
+        && this.defaultSearch('crowi', 'security:passport-saml:useOnlyEnvVarsForSomeOptions')
+      )
+    ));
+  }
+
   /*
    * All of the methods below are private APIs.
    */
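Review bot: Both `useOnlyEnvVarsForSomeOptions` flags in `shouldSearchedFromEnvVarsOnly` are read with `this.defaultSearch(...)`, whereas the `getConfig` code this commit replaces read the SAML flag with `this.searchOnlyFromEnvVarConfigs(...)`. If `defaultSearch` consults database values (its body is outside the hunk), a value stored in the DB for the flag could switch off the lock that is meant to keep these security keys out of admin-page control. I would read the flags from env vars only, `&& this.searchOnlyFromEnvVarConfigs('crowi', 'security:passport-local:useOnlyEnvVarsForSomeOptions')`, and do the same for the `passport-saml` key. The method name would also read better as `shouldSearchFromEnvVarsOnly`.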
@@ -216,22 +238,6 @@ class ConfigManager {
     }
   }
 
-  /**
-   * For the configs specified by KEYS_FOR_SAML_USE_ONLY_ENV_OPTION,
-   * this searches only from configs loaded from the environment variables.
-   * For the other configs, this searches as the same way to defaultSearch.
-   */
-  /* eslint-disable no-else-return */
-  searchInSAMLUseOnlyEnvMode(namespace, key) {
-    if (namespace === 'crowi' && KEYS_FOR_SAML_USE_ONLY_ENV_OPTION.includes(key)) {
-      return this.searchOnlyFromEnvVarConfigs(namespace, key);
-    }
-    else {
-      return this.defaultSearch(namespace, key);
-    }
-  }
-  /* eslint-enable no-else-return */
-
   /**
    * search a specified config from configs loaded from the database
    */

+ 18 - 5
src/server/views/admin/widget/passport/local.html

@@ -4,18 +4,31 @@
 
   {% set nameForIsLocalEnabled = "settingForm[security:passport-local:isEnabled]" %}
   {% set isLocalEnabled = getConfig('crowi', 'security:passport-local:isEnabled') %}
+  {% set useOnlyEnvVars = getConfig('crowi', 'security:passport-local:useOnlyEnvVarsForSomeOptions') %}
+
+  {% if useOnlyEnvVars %}
+    <p class="alert alert-info">
+      {{ t("security_setting.Local.note for the only env option", "LOCAL_STRATEGY_USES_ONLY_ENV_VARS_FOR_SOME_OPTIONS") }}
+    </p>
+  {% endif %}
 
   <div class="form-group">
     <label for="{{nameForIsLocalEnabled}}" class="col-xs-3 control-label">{{ t("security_setting.Local.name") }}</label>
     <div class="col-xs-6">
-      <div class="btn-group btn-toggle" data-toggle="buttons">
+      <div class="btn-group btn-toggle {% if useOnlyEnvVars %}btn-group-disabled{% endif %}" data-toggle="buttons">
         <label class="btn btn-default btn-rounded btn-outline {% if isLocalEnabled %}active{% endif %}" data-active-class="primary">
-          <input name="{{nameForIsLocalEnabled}}" value="true" type="radio"
-              {% if true === isLocalEnabled %}checked{% endif %}> ON
+          <input name="{{nameForIsLocalEnabled}}"
+                 value="true"
+                 type="radio"
+                 {% if true === isLocalEnabled %}checked{% endif %}
+                 {% if useOnlyEnvVars %}readonly{% endif %}> ON
         </label>
         <label class="btn btn-default btn-rounded btn-outline {% if !isLocalEnabled %}active{% endif %}" data-active-class="default">
-          <input name="{{nameForIsLocalEnabled}}" value="false" type="radio"
-              {% if !isLocalEnabled %}checked{% endif %}> OFF
+          <input name="{{nameForIsLocalEnabled}}"
+                 value="false"
+                 type="radio"
+                 {% if !isLocalEnabled %}checked{% endif %}
+                 {% if useOnlyEnvVars %}readonly{% endif %}> OFF
         </label>
       </div>
       <p class="help-block">
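Review bot: The `readonly` attribute added to the two radio inputs does not lock them, because HTML defines `readonly` only for text-like inputs; the radios stay selectable and their value is still submitted with the form. As far as this hunk shows, `btn-group-disabled` is only a CSS class, so it changes appearance at most. Use `{% if useOnlyEnvVars %}disabled{% endif %}` on both inputs so the field is not posted. The handler that saves `settingForm[security:passport-local:isEnabled]` (not visible here) should also ignore or reject that key while the env-only flag is set, since the markup cannot enforce the lock on its own.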