Skip to content

ci-verify: login-capabilities (#10949 formatting fix via develop merge)#10

Closed
MichaelUray wants to merge 7 commits into
developfrom
ci-verify/login-capabilities
Closed

ci-verify: login-capabilities (#10949 formatting fix via develop merge)#10
MichaelUray wants to merge 7 commits into
developfrom
ci-verify/login-capabilities

Conversation

@MichaelUray

Copy link
Copy Markdown
Owner

Fork-interner CI-Runner für hcengineering#10949. Verifiziert build+test+formatting nach develop-Merge (c838648). Kein Upstream-PR.

…inCapabilities

When DISABLE_SIGNUP=true on the account service, the signUp and signUpOtp
operations throw Forbidden — preventing manual sign-ups even via direct
API calls, not just hiding the UI tab.

When DISABLE_GUEST_LOGIN=true, the loginAsGuest operation throws Forbidden
without touching the database. Combined with the existing
AccountNotFound branch (no guest person row), the guest login is fully
controllable via env or DB state.

A new getLoginCapabilities operation lets the client query both flags so
the UI can hide the corresponding affordances. It reports
signUpEnabled (false iff DISABLE_SIGNUP=true) and guestLoginAvailable
(false iff DISABLE_GUEST_LOGIN=true OR no read-only guest person row
exists). The client RPC stub is added to AccountClient as well.

Signed-off-by: Michael Uray <michael.uray@gmail.com>
Signed-off-by: Michael Uray <michaeluray@users.noreply.github.com>
…lities

LoginForm now queries getLoginCapabilities on mount and uses the result
to gate two UI affordances:

- effectiveSignUpDisabled OR-s the existing signUpDisabled prop with
  !signUpEnabled from the server, so the Sign Up tab disappears when
  the account service reports sign-up disabled (DISABLE_SIGNUP=true).
- The "Continue as guest" button is rendered only when
  guestLoginAvailable is true, which the server reports as false when
  either DISABLE_GUEST_LOGIN=true or the read-only guest person row is
  not present in the DB.

fetchLoginCapabilities returns { signUpEnabled: true,
guestLoginAvailable: true } on any RPC error to keep both controls
visible when talking to older account services without the endpoint.

Signed-off-by: Michael Uray <michael.uray@gmail.com>
Signed-off-by: Michael Uray <michaeluray@users.noreply.github.com>
…in-capabilities

Signed-off-by: Michael Uray <michaeluray@users.noreply.github.com>
Signed-off-by: Michael Uray <michaeluray@users.noreply.github.com>
…ilities-disable-signup-guest

Signed-off-by: Michael Uray <michaeluray@users.noreply.github.com>
…DB probing (L-AUTH-1)

getLoginCapabilities ist unauthenticated und traf pro anonymem Aufruf die
DB (db.person.findOne auf den Guest-Account) -> Existenz-Probing + DB-Last.
Guest-Person-Zustand aendert sich praktisch nie: Ergebnis jetzt mit 60s-TTL
modul-lokal gecacht. resetGuestPersonCache() fuer Tests/Ops.

Signed-off-by: Michael Uray <michaeluray@users.noreply.github.com>
@MichaelUray MichaelUray deleted the ci-verify/login-capabilities branch July 10, 2026 07:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant