feat(authentication): disabled users in yaml file (#4193)

Allows setting users as disabled.
2022-10-18 09:10:53 +11:00 · 2022-10-18 09:10:53 +11:00 · d610874be4
parent b993c290b0
commit d610874be4
2 changed files with 9 additions and 0 deletions
--- a/docs/content/en/reference/guides/passwords.md
+++ b/docs/content/en/reference/guides/passwords.md
@ -31,21 +31,25 @@ users:
    groups:
      - admins
      - dev
+    disabled: false
  harry:
    displayname: "Harry Potter"
    password: "$argon2id$v=19$m=65536,t=3,p=2$BpLnfgDsc2WD8F2q$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM"
    email: harry.potter@authelia.com
    groups: []
+    disabled: false
  bob:
    displayname: "Bob Dylan"
    password: "$argon2id$v=19$m=65536,t=3,p=2$BpLnfgDsc2WD8F2q$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM"
    email: bob.dylan@authelia.com
    groups:
      - dev
+    disabled: false
  james:
    displayname: "James Dean"
    password: "$argon2id$v=19$m=65536,t=3,p=2$BpLnfgDsc2WD8F2q$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM"
    email: james.dean@authelia.com
+    disabled: false
 ```

 ## Passwords
--- a/internal/authentication/file_user_provider_database.go
+++ b/internal/authentication/file_user_provider_database.go
@ -145,6 +145,10 @@ func (m *DatabaseModel) ReadToFileUserDatabase(db *FileUserDatabase) (err error)
 	var udm *DatabaseUserDetails

 	for user, details := range m.Users {
+		if details.Disabled {
+			continue
+		}
+
 		if udm, err = details.ToDatabaseUserDetailsModel(user); err != nil {
 			return fmt.Errorf("failed to parse hash for user '%s': %w", user, err)
 		}
@ -206,6 +210,7 @@ type UserDetailsModel struct {
 	DisplayName    string   `yaml:"displayname" valid:"required"`
 	Email          string   `yaml:"email"`
 	Groups         []string `yaml:"groups"`
+	Disabled       bool     `yaml:"disabled"`
 }

 // ToDatabaseUserDetailsModel converts a UserDetailsModel into a *DatabaseUserDetails.