New OpenID and OAuth2 drivers (#8660)

* Moved over oauth impl to new interface

* Fixed most build issues and started addind schema to auth drivers

* Finished up OAuth2 and OpenID drivers

* Removed unused migration and utils

* Fixed minor todos

* Removed old oauth flow

* Changed oauth flow to re-use refresh token

* Added new oauth frontend

* Added font awesome social icons

* Updated authentication documentation

* Update api/src/auth/drivers/oauth2.ts

* Tested implementation and fixed incorrect validation

* Updated docs

* Improved OAuth error handling and re-enabled creating users with provider/identifier

* Removed Session config from docs

* Update app/src/components/v-icon/v-icon.vue

* Removed oauth need to define default roleID

* Added FormatTitle to SSO links

* Prevent local auth without password

* Store OAuth access token in session data

* Update docs/guides/api-config.md

* Fixed copy and removed fontawesome-vue dependency

* More docs fixes

* Crucialy importend type fiks

* Update package-lock

* Remove is-email-allowed check

In favor of more advanced version based on filtering coming later

* Fix JSON type casting

* Delete unused util

* Update type signature to include name

* Add warning when code isn't found in oauth url

and remove obsolete imports

* Auto-continue on successful SSO login

* Tweak type signature

* More type casting shenanigans

* Please the TS gods

* Check for missing token before crashing

Co-authored-by: rijkvanzanten <rijkvanzanten@me.com>

api/src/services/users.ts

@@ -82,21 +82,23 @@ export class UsersService extends ItemsService {
 			fields: ['auth_password_policy'],
 		});
 
-		if (policyRegExString) {
-			const wrapped = policyRegExString.startsWith('/') && policyRegExString.endsWith('/');
-			const regex = new RegExp(wrapped ? policyRegExString.slice(1, -1) : policyRegExString);
+		if (!policyRegExString) {
+			return;
+		}
 
-			for (const password of passwords) {
-				if (regex.test(password) === false) {
-					throw new FailedValidationException({
-						message: `Provided password doesn't match password policy`,
-						path: ['password'],
-						type: 'custom.pattern.base',
-						context: {
-							value: password,
-						},
-					});
-				}
+		const wrapped = policyRegExString.startsWith('/') && policyRegExString.endsWith('/');
+		const regex = new RegExp(wrapped ? policyRegExString.slice(1, -1) : policyRegExString);
+
+		for (const password of passwords) {
+			if (!regex.test(password)) {
+				throw new FailedValidationException({
+					message: `Provided password doesn't match password policy`,
+					path: ['password'],
+					type: 'custom.pattern.base',
+					context: {
+						value: password,
+					},
+				});
 			}
 		}
 	}
@@ -141,16 +143,6 @@ export class UsersService extends ItemsService {
 			await this.checkPasswordPolicy(passwords);
 		}
 
-		for (const user of data) {
-			if (user.provider !== undefined) {
-				throw new InvalidPayloadException(`You can't set the "provider" value manually.`);
-			}
-
-			if (user.external_identifier !== undefined) {
-				throw new InvalidPayloadException(`You can't set the "external_identifier" value manually.`);
-			}
-		}
-
 		return await super.createMany(data, opts);
 	}