HEPTACOM / HeptacomShopwarePlatformAdminOpenAuth

Shopware plugin to allow open auth logins in the administration
https://www.heptacom.de/
Apache License 2.0

[Feature]: Disallow user creation and only allow existing users to login #10

Closed AndreasA closed 1 year ago

AndreasA commented 1 year ago

Plugin Version

4.2.1

PHP Version

8.1

Shopware Version

6.4.18.1

Installation method

Composer

Identity provider

Google Cloud

What happened?

Google OAuth currently has very few options to limit which users get access. So it would be nice if e.g. the plugin had an option to disable user creation.

Optionally, it is always possible to create users without permissions and change those later on, but not even creating them would be even better.

Relevant log output

No response

JoshuaBehrens commented 1 year ago

Really good idea. You can already implement it on your own for your project: Just reimplement \Heptacom\AdminOpenAuth\Service\UserResolver::resolve using a decorator and only use the findUser method and do not call the provisioner. So you can already prepare it for your project.

We will likely not add any features to the Shopware 6.4 release as we are already working on the version for Shopware 6.5. But I created a ticket for this internally so we make sure this feature will be in there. It is a good one. For now we keep it own

silviokennecke commented 1 year ago

We just implemented a configuration option to completely disable the password login, which will be released in version 5.0.0. In combination with the option to disallow creation of new users via the provider (provider configuration), this should cover this case. I’ll therefore close this feature request.

AndreasA commented 8 months ago

@silviokennecke From what I can see, users that are available through the provider (e.g. Google by default just allows all Google users) would still be created. They might not have any roles assigned to them, but they are created.

The provider only allows one to disable the update of a user but not the creation. It should be a simple change though, just throw a corresponding exception in \Heptacom\AdminOpenAuth\Service\UserResolver::resolve for new users, if a certain config is set.

AndreasA commented 8 months ago

This would also be helpful in case no role assignment happens, to avoid creating unnecessary users.
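
Added example, not part of the thread and not the plugin's own code: a sketch of the decorator approach discussed above (look up existing users only, and throw for unknown identities unless a config flag allows creation). The interfaces, the `resolve`/`findUser` signatures, the exception class and the `allowUserCreation` flag are hypothetical stand-ins, since the plugin's real signatures are not shown in the thread.

```php
<?php
declare(strict_types=1);
// Hypothetical stand-ins: the plugin's real interfaces and signatures are not shown in the thread.
interface UserResolverInterface {
    public function resolve(string $email, string $clientId): string; // returns admin user id
}
interface UserLookupInterface {
    public function findUser(string $email, string $clientId): ?string; // null = no such user
}
final class UnknownUserException extends \RuntimeException {}
// Decorator: looks up existing users only and reaches the provisioning resolver only if allowed.
final class ExistingUserOnlyResolver implements UserResolverInterface {
    public function __construct(
        private UserResolverInterface $inner,    // decorated resolver that would create users
        private UserLookupInterface $lookup,
        private bool $allowUserCreation = false  // assumed config flag, deny by default
    ) {}
    public function resolve(string $email, string $clientId): string {
        $userId = $this->lookup->findUser($email, $clientId);
        if ($userId !== null) {
            return $userId; // existing user: log in, nothing is created or updated
        }
        if (!$this->allowUserCreation) {
            // Fail closed before any provisioning code runs.
            throw new UnknownUserException('No administration user exists for this identity.');
        }
        return $this->inner->resolve($email, $clientId);
    }
}

// Constructed demo data: one existing admin and one unknown provider account.
$lookup = new class implements UserLookupInterface {
    public function findUser(string $email, string $clientId): ?string {
        return ['admin@example.com' => 'user-1'][$email] ?? null;
    }
};
$provisioner = new class implements UserResolverInterface {
    public int $created = 0;
    public function resolve(string $email, string $clientId): string {
        return 'new-' . ++$this->created;
    }
};
$resolver = new ExistingUserOnlyResolver($provisioner, $lookup);
echo $resolver->resolve('admin@example.com', 'google'), PHP_EOL;
try {
    $resolver->resolve('stranger@example.com', 'google');
} catch (UnknownUserException $e) {
    echo 'denied; users created: ', $provisioner->created, PHP_EOL;
}
```

In a real Shopware project the decorator would be registered through the service container against the plugin's actual resolver service, and the thrown exception should surface as a failed login rather than an unhandled error.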