diff --git a/backend/src/server/routes/v1/admin-router.ts b/backend/src/server/routes/v1/admin-router.ts
index 4557152bdb..73d6cc7e78 100644
--- a/backend/src/server/routes/v1/admin-router.ts
+++ b/backend/src/server/routes/v1/admin-router.ts
@@ -78,7 +78,7 @@ export const registerAdminRouter = async (server: FastifyZodProvider) => {
 });
 },
 handler: async (req) => {
- const config = await server.services.superAdmin.updateServerCfg(req.body);
+ const config = await server.services.superAdmin.updateServerCfg(req.body, req.permission.id);
 return { config };
 }
 });
diff --git a/backend/src/services/super-admin/super-admin-service.ts b/backend/src/services/super-admin/super-admin-service.ts
index 41b97efa42..a51282db6f 100644
--- a/backend/src/services/super-admin/super-admin-service.ts
+++ b/backend/src/services/super-admin/super-admin-service.ts
@@ -12,7 +12,7 @@ import { AuthMethod } from "../auth/auth-type";
 import { TOrgServiceFactory } from "../org/org-service";
 import { TUserDALFactory } from "../user/user-dal";
 import { TSuperAdminDALFactory } from "./super-admin-dal";
-import { TAdminSignUpDTO } from "./super-admin-types";
+import { LoginMethod, TAdminSignUpDTO } from "./super-admin-types";
 type TSuperAdminServiceFactoryDep = {
 serverCfgDAL: TSuperAdminDALFactory;
@@ -79,7 +79,38 @@ export const superAdminServiceFactory = ({
 return newCfg;
 };
- const updateServerCfg = async (data: TSuperAdminUpdate) => {
+ const updateServerCfg = async (data: TSuperAdminUpdate, userId: string) => {
+ if (data.enabledLoginMethods) {
+ const superAdminUser = await userDAL.findById(userId);
+ const loginMethodToAuthMethod = {
+ [LoginMethod.EMAIL]: [AuthMethod.EMAIL],
+ [LoginMethod.GOOGLE]: [AuthMethod.GOOGLE],
+ [LoginMethod.GITLAB]: [AuthMethod.GITLAB],
+ [LoginMethod.GITHUB]: [AuthMethod.GITHUB],
+ [LoginMethod.LDAP]: [AuthMethod.LDAP],
+ [LoginMethod.OIDC]: [AuthMethod.OIDC],
+ [LoginMethod.SAML]: [
+ AuthMethod.AZURE_SAML,
+ AuthMethod.GOOGLE_SAML,
+ AuthMethod.JUMPCLOUD_SAML,
+ AuthMethod.KEYCLOAK_SAML,
+ AuthMethod.OKTA_SAML
+ ]
+ };
+
+ if (
+ !data.enabledLoginMethods.some((loginMethod) =>
+ loginMethodToAuthMethod[loginMethod as LoginMethod].some(
+ (authMethod) => superAdminUser.authMethods?.includes(authMethod)
+ )
+ )
+ ) {
+ throw new BadRequestError({
+ message:
+ "Admin has insufficient authentication methods for update operation to complete without getting locked out."
+ });
+ }
+ }
 const updatedServerCfg = await serverCfgDAL.updateById(ADMIN_CONFIG_DB_UUID, data);
 await keyStore.setItemWithExpiry(ADMIN_CONFIG_KEY, ADMIN_CONFIG_KEY_EXP, JSON.stringify(updatedServerCfg));
@@ -167,7 +198,7 @@ export const superAdminServiceFactory = ({
 orgName: initialOrganizationName
 });
- await updateServerCfg({ initialized: true });
+ await updateServerCfg({ initialized: true }, userInfo.user.id);
 const token = await authService.generateUserTokens({
 user: userInfo.user,
 authMethod: AuthMethod.EMAIL,
diff --git a/frontend/src/views/Login/components/InitialStep/InitialStep.tsx b/frontend/src/views/Login/components/InitialStep/InitialStep.tsx
index 99e80048af..69a4188270 100644
--- a/frontend/src/views/Login/components/InitialStep/InitialStep.tsx
+++ b/frontend/src/views/Login/components/InitialStep/InitialStep.tsx
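Review bot: In the new guard in `updateServerCfg`, `superAdminUser` is dereferenced inside the inner `.some` callback without checking that `userDAL.findById(userId)` returned a row; only `authMethods` is optional-chained. If the lookup can come back empty (the DAL is not visible here), the lockout check fails with a TypeError instead of the intended `BadRequestError`, so I would add `if (!superAdminUser) throw new BadRequestError({ message: "User not found" });` right after the lookup. The `loginMethod as LoginMethod` cast hides a similar case: a value missing from `loginMethodToAuthMethod` makes the lookup `undefined`, which `(loginMethodToAuthMethod[loginMethod as LoginMethod] ?? []).some(` would treat as no match, unless the route schema already restricts the array to the enum. The check covers only the calling admin's `authMethods`, so other accounts can still lose their only login method; a comment saying that is deliberate would help. The body of `updateServerCfg` continues past this hunk.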
@@ -337,7 +337,11 @@ export const InitialStep = ({ setStep, email, setEmail, password, setPassword }:
 )}
 {!isLoading && loginError && }
- {config.allowSignUp ? (
+ {config.allowSignUp &&
+ (shouldDisplayLoginMethod(LoginMethod.EMAIL) ||
+ shouldDisplayLoginMethod(LoginMethod.GOOGLE) ||
+ shouldDisplayLoginMethod(LoginMethod.GITHUB) ||
+ shouldDisplayLoginMethod(LoginMethod.GITLAB)) ? (