Allow new SSO logins in "deny" mode

The can_register check is actually only suitable for preventing new unverified registrations; in SSO mode, we normally trust the SSO provider have performed the checks and only gives us users we’re supposed to let in. Ideally, this should be a separate set of settings to allow e.g. optionally requiring confirmation on SSO logins or to configure different levels of trust per SSO provider. Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Allow new SSO logins in "deny" mode
fca80a4d · Andrej Shadura · Sjoerd Simons · c743b6a3 · fca80a4d
Commit fca80a4d authored 3 years ago by Andrej Shadura Committed by Sjoerd Simons 3 years ago
--- a/src/api/app/views/webui2/webui/session/sso_confirm.html.haml
+++ b/src/api/app/views/webui2/webui/session/sso_confirm.html.haml
@@ -3,7 +3,6 @@
 .card
  .card-body#loginform
    .col-lg-6.pl-0
-      - if can_register
      %h3= @pagetitle
      %p Since this is your first time you sign in, you need to choose your username.
      = form_tag({ controller: 'session', action: 'sso_confirm', method: :post }, class: 'sign-up', autocomplete: 'off') do
@@ -12,6 +11,4 @@
          %abbr.text-danger{ title: 'required' } *
          = text_field_tag 'login', @derived_username, placeholder: 'Username', autocomplete: 'off', class: 'form-control', required: true
        = submit_tag('Confirm and Log In', class: 'btn btn-primary')
-      - else
-        %p Sorry, only existing users can sign in.