httpd: add a setting to disable login methods, deprecate the previous one

the previous enabled login methods setting is hard to extend in a backward compatible way Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-12-07 23:00:55 +03:00 · 2025-01-25 21:49:01 +01:00
parent 70f8b4d495
commit 69ef36b4d9
8 changed files with 314 additions and 91 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -99,26 +99,27 @@ var (
 		DisableWWWAuthHeader: false,
 	}
 	defaultHTTPDBinding = httpd.Binding{
-		Address:             "",
-		Port:                8080,
-		EnableWebAdmin:      true,
-		EnableWebClient:     true,
-		EnableRESTAPI:       true,
-		EnabledLoginMethods: 0,
-		EnableHTTPS:         false,
-		CertificateFile:     "",
-		CertificateKeyFile:  "",
-		MinTLSVersion:       12,
-		ClientAuthType:      0,
-		TLSCipherSuites:     nil,
-		Protocols:           nil,
-		ProxyMode:           0,
-		ProxyAllowed:        nil,
-		ClientIPProxyHeader: "",
-		ClientIPHeaderDepth: 0,
-		HideLoginURL:        0,
-		RenderOpenAPI:       true,
-		Languages:           []string{"en"},
+		Address:              "",
+		Port:                 8080,
+		EnableWebAdmin:       true,
+		EnableWebClient:      true,
+		EnableRESTAPI:        true,
+		EnabledLoginMethods:  0,
+		DisabledLoginMethods: 0,
+		EnableHTTPS:          false,
+		CertificateFile:      "",
+		CertificateKeyFile:   "",
+		MinTLSVersion:        12,
+		ClientAuthType:       0,
+		TLSCipherSuites:      nil,
+		Protocols:            nil,
+		ProxyMode:            0,
+		ProxyAllowed:         nil,
+		ClientIPProxyHeader:  "",
+		ClientIPHeaderDepth:  0,
+		HideLoginURL:         0,
+		RenderOpenAPI:        true,
+		Languages:            []string{"en"},
 		OIDC: httpd.OIDC{
 			ClientID:                   "",
 			ClientSecret:               "",
@@ -1868,6 +1869,12 @@ func getHTTPDBindingFromEnv(idx int) { //nolint:gocyclo
 		isSet = true
 	}

+	disabledLoginMethods, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__DISABLED_LOGIN_METHODS", idx), 32)
+	if ok {
+		binding.DisabledLoginMethods = int(disabledLoginMethods)
+		isSet = true
+	}
+
 	renderOpenAPI, ok := lookupBoolFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__RENDER_OPENAPI", idx))
 	if ok {
 		binding.RenderOpenAPI = renderOpenAPI