oidc: allow login if the password method is disabled

isLoggedInWithOIDC returns false before login so we need to add
a specific check

Fixes #1879

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>

internal/httpd/oidc.go

@@ -396,7 +396,7 @@ func (t *oidcToken) refreshUser(r *http.Request) error {
 	if err := user.CheckLoginConditions(); err != nil {
 		return err
 	}
-	if err := checkHTTPClientUser(&user, r, xid.New().String(), true); err != nil {
+	if err := checkHTTPClientUser(&user, r, xid.New().String(), true, false); err != nil {
 		return err
 	}
 	t.Permissions = user.Filters.WebClient
@@ -460,7 +460,7 @@ func (t *oidcToken) getUser(r *http.Request) error {
 		return err
 	}
 	connectionID := fmt.Sprintf("%s_%s", common.ProtocolOIDC, xid.New().String())
-	if err := checkHTTPClientUser(user, r, connectionID, true); err != nil {
+	if err := checkHTTPClientUser(user, r, connectionID, true, true); err != nil {
 		updateLoginMetrics(user, dataprovider.LoginMethodIDP, ipAddr, err, r)
 		return err
 	}