Limit preferences when OIDC is enabled.

Passwords and email can not be changed through bookwyrm's preferences since they are managed by the SSO system. 2FA is also handled through the SSO, so it can not be enabled. Accounts can be deleted, although this will not delete it from the SSO. What happens if they try to re-login?
bookwyrm-social · Dec 1, 2022 · df1b026 · df1b026
1 parent 4a0dd5d
commit df1b026
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/bookwyrm/templates/preferences/edit_user.html b/bookwyrm/templates/preferences/edit_user.html
@@ -51,9 +51,14 @@ <h2 class="title is-4">{% trans "Profile" %}</h2>
             </div>
             <div class="field">
                 <label class="label" for="id_email">{% trans "Email address:" %}</label>
-                {{ form.email }}
+		{% if oidc_enabled %}
+		    <!-- email is not editable when OIDC is enabled -->
+		    {{ user.email }}
+		{% else %}
+                    {{ form.email }}
 
-                {% include 'snippets/form_errors.html' with errors_list=form.email.errors id="desc_email" %}
+                    {% include 'snippets/form_errors.html' with errors_list=form.email.errors id="desc_email" %}
+		{% endif %}
             </div>
         </div>
     </section>

diff --git a/bookwyrm/templates/preferences/layout.html b/bookwyrm/templates/preferences/layout.html
@@ -15,6 +15,9 @@ <h2 class="menu-label">{% trans "Account" %}</h2>
                 <a href="{{ url }}"{% if url in request.path %} class="is-active" aria-selected="true"{% endif %}>{% trans "Edit Profile" %}</a>
                 {% block profile-tabs %}{% endblock %}
             </li>
+	    {% if oidc_enabled %}
+	    <!-- passwords, 2fa and deletion not available with OIDC enabled -->
+	    {% else %}
             <li>
                 {% url 'prefs-password' as url %}
                 <a href="{{ url }}"{% if url in request.path %} class="is-active" aria-selected="true"{% endif %}>{% trans "Change Password" %}</a>
@@ -23,6 +26,7 @@ <h2 class="menu-label">{% trans "Account" %}</h2>
                 {% url 'prefs-2fa' as url %}
                 <a href="{{ url }}"{% if url in request.path %} class="is-active" aria-selected="true"{% endif %}>{% trans "Two Factor Authentication" %}</a>
             </li>
+	    {% endif %}
             <li>
                 {% url 'prefs-delete' as url %}
                 <a href="{{ url }}"{% if url in request.path %} class="is-active" aria-selected="true"{% endif %}>{% trans "Delete Account" %}</a>