Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[5.x] Ability to disable CP authentication #8960

Merged
merged 25 commits into from
Jun 27, 2024
Merged

[5.x] Ability to disable CP authentication #8960

merged 25 commits into from
Jun 27, 2024

Conversation

duncanmcclean
Copy link
Member

@duncanmcclean duncanmcclean commented Nov 9, 2023
edited
Loading

This pull request implements a new config option, allowing developers to disable the Control Panel authentication pages.

Often times, if you're using something like Jetstream or Laravel Nova which provide their own login pages then you don't want an additional login page for users to somehow find their way to.

Authentication can be disabled by toggling the statamic.cp.auth.enabled option. You may optionally specify a URL for users to be redirected to instead:

<?php

/*
|--------------------------------------------------------------------------
| Authentication
|--------------------------------------------------------------------------
|
| Whether the Control Panel's authentication pages should be enabled,
| or if users should be redirected elsewhere.
|
*/

'auth' => [
    'enabled' => false,
    'redirect_to' => '/nova',
],

This PR replaces my previous PR, #7617.

@duncanmcclean duncanmcclean marked this pull request as draft November 9, 2023 11:37
@duncanmcclean duncanmcclean marked this pull request as ready for review November 9, 2023 12:07
@DwainsWorld
Copy link

Is this planned for 4.X? We would use this in almost all our apps that have a Statamic installation.

@duncanmcclean
Copy link
Member Author

Sorry, we don't have an ETA for reviewing/merging this pull request. We'll get to it when we can.

In the meantime, you can pull this PR into your project with a composer patch.

@DwainsWorld
Copy link

No problem. Thanks for the update and the composer patch package link - very useful!

@DwainsWorld
Copy link

@duncanmcclean

I was giving this a try with composer patch, all went well. Except, within routes/cp.php:

Shouldn't this:

if (config('statamic.cp.auth', true)) {

Be:

if (config('statamic.cp.auth.enabled', true)) {

@duncanmcclean
Copy link
Member Author

@DwainsWorld Yes, it should be, thanks! I've updated this PR.

@edalzell
Copy link
Contributor

This works great for me, thanks Duncan!

@DwainsWorld
Copy link

DwainsWorld commented May 9, 2024
edited
Loading

Is anyone being hit with a 404 with this PR when attempting to "Resume your session"? Is it possible to disable the ability to resume and auto logout instead?

image
image

@edalzell
Copy link
Contributor

edalzell commented May 9, 2024

Yes, I've run into this. This flow needs to be reconsidered when CP login is disabled. We use it in a passwordless login situation so this part makes no sense, it should log out and redirect to the appropriate page.

@duncanmcclean duncanmcclean changed the title [4.x] Ability to disable CP authentication [5.x] Ability to disable CP authentication May 13, 2024
@duncanmcclean duncanmcclean changed the base branch from 4.x to 5.x May 13, 2024 10:30
duncanmcclean and others added 6 commits May 13, 2024 12:24
@duncanmcclean
Redirect to login page after session expires
54a3e83
@jasonvarga
Merge branch '5.x' into pr/7617
1f2fc1b 
# Conflicts:
#	tests/Tags/User/ForgotPasswordFormTest.php
#	tests/Tags/User/LoginFormTest.php
#	tests/Tags/User/PasswordFormTest.php
#	tests/Tags/User/RegisterFormTest.php
@jasonvarga
Dont redirect at zero ...
047c97d 
Instead, redirect when there's an actual 401.

Apparently it's not completely accurate. You could get a few requests that return zero. It's fine for controlling when the modal pops up, but not a redirect. If you redirect, when you hit the login page your session will be extended, keeping you logged in.
@jasonvarga
these tests dont really prove anything
a5198ed
@jasonvarga
words
d402365
@jasonvarga
add tests
710a191
@jasonvarga jasonvarga mentioned this pull request Jun 27, 2024
Merged
@jasonvarga jasonvarga merged commit 7ace3c1 into 5.x Jun 27, 2024
17 checks passed
@jasonvarga jasonvarga deleted the pr/7617 branch June 27, 2024 20:01
duncanmcclean added a commit to statamic/statamic that referenced this pull request Aug 7, 2024
@duncanmcclean
Ability to disable CP authentication
986cf9b 
Related: statamic/cms#8960
duncanmcclean added a commit to statamic/statamic that referenced this pull request Aug 7, 2024
@duncanmcclean
Sync Statamic configs (#80)
2d0cbf6 
* Allow configuring the Stache's Cache Store

Related: statamic/cms#10303

* Ability to disable CP authentication

Related: statamic/cms#8960

* Display custom logo as plain text

Related: statamic/cms#10350

* Track sites.yaml path in git integration config

Related: statamic/cms#10463

* Add ability to specify the queue connection on static:warm command

Related: statamic/cms#8634
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@edalzell edalzell edalzell left review comments

@ryanmitchell ryanmitchell ryanmitchell left review comments

@jasonvarga jasonvarga jasonvarga approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@duncanmcclean @DwainsWorld @edalzell @ryanmitchell @jasonvarga