feat: enforce 2fa admin setting + hide local on login screen

client/components/admin/admin-security.vue

@@ -278,6 +278,7 @@ export default {
           mutation: gql`
             mutation (
               $authAutoLogin: Boolean
+              $authEnforce2FA: Boolean
               $authHideLocal: Boolean
               $authLoginBgUrl: String
               $authJwtAudience: String
@@ -298,6 +299,7 @@ export default {
               site {
                 updateConfig(
                   authAutoLogin: $authAutoLogin,
+                  authEnforce2FA: $authEnforce2FA,
                   authHideLocal: $authHideLocal,
                   authLoginBgUrl: $authLoginBgUrl,
                   authJwtAudience: $authJwtAudience,
@@ -327,6 +329,7 @@ export default {
           `,
           variables: {
             authAutoLogin: _.get(this.config, 'authAutoLogin', false),
+            authEnforce2FA: _.get(this.config, 'authEnforce2FA', false),
             authHideLocal: _.get(this.config, 'authHideLocal', false),
             authLoginBgUrl: _.get(this.config, 'authLoginBgUrl', ''),
             authJwtAudience: _.get(this.config, 'authJwtAudience', ''),
@@ -377,6 +380,7 @@ export default {
           site {
             config {
               authAutoLogin
+              authEnforce2FA
               authHideLocal
               authLoginBgUrl
               authJwtAudience

client/components/login.vue

@@ -18,7 +18,7 @@
             v-list.elevation-1.radius-7(nav)
               v-list-item-group(v-model='selectedStrategyKey')
                 v-list-item(
-                  v-for='(stg, idx) of strategies'
+                  v-for='(stg, idx) of filteredStrategies'
                   :key='stg.key'
                   :value='stg.key'
                   :color='stg.strategy.color'
@@ -252,8 +252,8 @@ export default {
     return {
       error: false,
       strategies: [],
-      selectedStrategyKey: 'local',
-      selectedStrategy: { key: 'local', strategy: { useForm: true } },
+      selectedStrategyKey: 'unselected',
+      selectedStrategy: { key: 'unselected', strategy: { useForm: false } },
       screen: 'login',
       username: '',
       password: '',
@@ -276,11 +276,21 @@ export default {
     isSocialShown () {
       return this.strategies.length > 1
     },
-    logoUrl () { return siteConfig.logoUrl }
+    logoUrl () { return siteConfig.logoUrl },
+    filteredStrategies () {
+      const qParams = new URLSearchParams(window.location.search)
+      if (this.hideLocal && !qParams.has('all')) {
+        return _.reject(this.strategies, ['key', 'local'])
+      } else {
+        return this.strategies
+      }
+    }
   },
   watch: {
-    strategies(newValue, oldValue) {
-      this.selectedStrategy = _.head(newValue)
+    filteredStrategies (newValue, oldValue) {
+      if (_.head(newValue).strategy.useForm) {
+        this.selectedStrategyKey = _.head(newValue).key
+      }
     },
     selectedStrategyKey (newValue, oldValue) {
       this.selectedStrategy = _.find(this.strategies, ['key', newValue])

server/app/data.yml

@@ -55,6 +55,7 @@ defaults:
       darkMode: false
     auth:
       autoLogin: false
+      enforce2FA: false
       hideLocal: false
       loginBgUrl: ''
       audience: 'urn:wiki.js'

server/graph/resolvers/site.js

@@ -22,6 +22,7 @@ module.exports = {
         ...WIKI.config.features,
         ...WIKI.config.security,
         authAutoLogin: WIKI.config.auth.autoLogin,
+        authEnforce2FA: WIKI.config.auth.enforce2FA,
         authHideLocal: WIKI.config.auth.hideLocal,
         authLoginBgUrl: WIKI.config.auth.loginBgUrl,
         authJwtAudience: WIKI.config.auth.audience,
@@ -68,6 +69,7 @@ module.exports = {
 
         WIKI.config.auth = {
           autoLogin: _.get(args, 'authAutoLogin', WIKI.config.auth.autoLogin),
+          enforce2FA: _.get(args, 'authEnforce2FA', WIKI.config.auth.enforce2FA),
           hideLocal: _.get(args, 'authHideLocal', WIKI.config.auth.hideLocal),
           loginBgUrl: _.get(args, 'authLoginBgUrl', WIKI.config.auth.loginBgUrl),
           audience: _.get(args, 'authJwtAudience', WIKI.config.auth.audience),

server/graph/schemas/site.graphql

@@ -34,6 +34,7 @@ type SiteMutation {
     contentLicense: String
     logoUrl: String
     authAutoLogin: Boolean
+    authEnforce2FA: Boolean
     authHideLocal: Boolean
     authLoginBgUrl: String
     authJwtAudience: String
@@ -72,6 +73,7 @@ type SiteConfig {
   contentLicense: String!
   logoUrl: String!
   authAutoLogin: Boolean
+  authEnforce2FA: Boolean
   authHideLocal: Boolean
   authLoginBgUrl: String
   authJwtAudience: String