Toggle SSO button in scss

docker/start.sh

@@ -26,11 +26,4 @@ elif [ -d /etc/bitwarden_rs.d ]; then
     done
 fi
 
-# Toggle the SSO Link
-if [ "$SSO_ENABLED" = "true" ]; then
-    sed -i 's#a\[routerlink="/sso"\]#a\[routerlink="/sso-sed"\]#' /web-vault/app/main.*.css
-else
-    sed -i 's#a\[routerlink="/sso-sed"\]#a\[routerlink="/sso"\]#' /web-vault/app/main.*.css
-fi
-
 exec /vaultwarden "${@}"

playwright/tests/sso_login.spec.ts

@@ -38,8 +38,7 @@ test('Non SSO login', async ({ page }) => {
     await expect(page).toHaveTitle(/Vaults/);
 });
 
-
-test('Non SSO login Failure', async ({ page, browser }, testInfo: TestInfo) => {
+test('Non SSO login impossible', async ({ page, browser }, testInfo: TestInfo) => {
     await utils.restartVaultwarden(page, testInfo, {
         SSO_ENABLED: true,
         SSO_ONLY: true
@@ -50,12 +49,8 @@ test('Non SSO login Failure', async ({ page, browser }, testInfo: TestInfo) => {
     await page.getByLabel(/Email address/).fill(users.user1.email);
     await page.getByRole('button', { name: 'Continue' }).click();
 
-    // Unlock page
-    await page.getByLabel('Master password').fill(users.user1.password);
-    await page.getByRole('button', { name: 'Log in with master password' }).click();
-
-    // An error should appear
-    await page.getByLabel('SSO sign-in is required')
+    // No Master password
+    await expect(page.getByLabel('Master password')).toBeHidden();
 });
 
 test('No SSO login', async ({ page }, testInfo: TestInfo) => {

src/api/web.rs

@@ -89,14 +89,16 @@ fn vaultwarden_css() -> Cached<Css<String>> {
     });
 
     let css_options = json!({
-        "web_vault_version": *WEB_VAULT_VERSION,
-        "vw_version": *VW_VERSION,
-        "signup_disabled": !CONFIG.signups_allowed() && CONFIG.signups_domains_whitelist().is_empty(),
-        "mail_enabled": CONFIG.mail_enabled(),
-        "yubico_enabled": CONFIG._enable_yubico() && (CONFIG.yubico_client_id().is_some() == CONFIG.yubico_secret_key().is_some()),
         "emergency_access_allowed": CONFIG.emergency_access_allowed(),
-        "sends_allowed": CONFIG.sends_allowed(),
         "load_user_scss": true,
+        "mail_enabled": CONFIG.mail_enabled(),
+        "sends_allowed": CONFIG.sends_allowed(),
+        "signup_disabled": !CONFIG.signups_allowed() && CONFIG.signups_domains_whitelist().is_empty(),
+        "sso_disabled": !CONFIG.sso_enabled(),
+        "sso_only": CONFIG.sso_enabled() && CONFIG.sso_only(),
+        "vw_version": *VW_VERSION,
+        "web_vault_version": *WEB_VAULT_VERSION,
+        "yubico_enabled": CONFIG._enable_yubico() && (CONFIG.yubico_client_id().is_some() == CONFIG.yubico_secret_key().is_some()),
     });
 
     let scss = match CONFIG.render_template("scss/vaultwarden.scss", &css_options) {

src/static/templates/scss/vaultwarden.scss.hbs

@@ -20,11 +20,6 @@ a[href$="/settings/sponsored-families"] {
   @extend %vw-hide;
 }
 
-/* Hide the `Enterprise Single Sign-On` button on the login page */
-a[routerlink="/sso"] {
-  @extend %vw-hide;
-}
-
 /* Hide Two-Factor menu in Organization settings */
 bit-nav-item[route="settings/two-factor"],
 a[href$="/settings/two-factor"] {
@@ -71,6 +66,20 @@ app-frontend-layout > app-login > form > div > div > div > p {
 }
 {{/if}}
 
+{{#if sso_only}}
+/* Hide Master password login */
+app-login form > div > div > div > div > div:has(button) {
+  @extend %vw-hide;
+}
+{{/if}}
+
+{{#if sso_disabled}}
+/* Hide the `Enterprise Single Sign-On` button on the login page */
+a[routerlink="/sso"] {
+  @extend %vw-hide;
+}
+{{/if}}
+
 /* Hide `Email` 2FA if mail is not enabled */
 {{#unless mail_enabled}}
 app-two-factor-setup ul.list-group.list-group-2fa li.list-group-item:nth-child(5) {