Config: Add oidc-register flag to allow user registration via OIDC #782

Signed-off-by: Michael Mayer <michael@photoprism.app>
2025-12-12 00:34:13 +01:00 · 2024-06-24 17:08:59 +02:00
parent fcd551f31f
commit 8c67fb1fe8
5 changed files with 18 additions and 0 deletions
--- a/internal/config/config_oidc.go
+++ b/internal/config/config_oidc.go
@@ -27,6 +27,11 @@ func (c *Config) OIDCScopes() string {
 	return c.options.OIDCScopes
 }

+// OIDCRegister checks if new accounts may be created via OIDC.
+func (c *Config) OIDCRegister() bool {
+	return c.options.OIDCRegister
+}
+
 // OIDCInsecure checks if OIDC issuer SSL/TLS certificate verification should be skipped.
 func (c *Config) OIDCInsecure() bool {
 	return c.options.OIDCInsecure
--- a/internal/config/config_oidc_test.go
+++ b/internal/config/config_oidc_test.go
@@ -36,6 +36,12 @@ func TestConfig_OIDCScopes(t *testing.T) {
 	assert.Equal(t, "openid profile", c.OIDCScopes())
 }

+func TestConfig_OIDCRegister(t *testing.T) {
+	c := NewConfig(CliTestContext())
+
+	assert.False(t, c.OIDCRegister())
+}
+
 func TestConfig_OIDCInsecure(t *testing.T) {
 	c := NewConfig(CliTestContext())

--- a/internal/config/flags.go
+++ b/internal/config/flags.go
@@ -67,6 +67,11 @@ var Flags = CliFlags{
 			Value:  OIDCDefaultScopes,
 			EnvVar: EnvVar("OIDC_SCOPES"),
 		}}, {
+		Flag: cli.BoolFlag{
+			Name:   "oidc-register",
+			Usage:  "allow creating new accounts via OIDC",
+			EnvVar: EnvVar("OIDC_REGISTER"),
+		}}, {
 		Flag: cli.BoolFlag{
 			Name:   "oidc-insecure",
 			Usage:  "skip issuer SSL/TLS certificate verification",
--- a/internal/config/options.go
+++ b/internal/config/options.go
@@ -35,6 +35,7 @@ type Options struct {
 	OIDCClient            string        `yaml:"OIDCClient" json:"-" flag:"oidc-client"`
 	OIDCSecret            string        `yaml:"OIDCSecret" json:"-" flag:"oidc-secret"`
 	OIDCScopes            string        `yaml:"OIDCScopes" json:"-" flag:"oidc-scopes"`
+	OIDCRegister          bool          `yaml:"OIDCRegister" json:"-" flag:"oidc-register"`
 	OIDCInsecure          bool          `yaml:"OIDCInsecure" json:"-" flag:"oidc-insecure"`
 	SessionMaxAge         int64         `yaml:"SessionMaxAge" json:"-" flag:"session-maxage"`
 	SessionTimeout        int64         `yaml:"SessionTimeout" json:"-" flag:"session-timeout"`
--- a/internal/config/report.go
+++ b/internal/config/report.go
@@ -32,6 +32,7 @@ func (c *Config) Report() (rows [][]string, cols []string) {
 		{"oidc-client", c.OIDCClient()},
 		{"oidc-secret", c.OIDCSecret()},
 		{"oidc-scopes", c.OIDCScopes()},
+		{"oidc-register", fmt.Sprintf("%t", c.OIDCRegister())},
 		{"oidc-insecure", fmt.Sprintf("%t", c.OIDCInsecure())},
 		{"session-maxage", fmt.Sprintf("%d", c.SessionMaxAge())},
 		{"session-timeout", fmt.Sprintf("%d", c.SessionTimeout())},