diff --git a/docker/start.sh b/docker/start.sh
index 1f50883d..4fac4514 100755
--- a/docker/start.sh
+++ b/docker/start.sh
@@ -26,11 +26,4 @@ elif [ -d /etc/bitwarden_rs.d ]; then
 done
 fi
-# Toggle the SSO Link
-if [ "$SSO_ENABLED" = "true" ]; then
- sed -i 's#a\[routerlink="/sso"\]#a\[routerlink="/sso-sed"\]#' /web-vault/app/main.*.css
-else
- sed -i 's#a\[routerlink="/sso-sed"\]#a\[routerlink="/sso"\]#' /web-vault/app/main.*.css
-fi
-
 exec /vaultwarden "${@}"
diff --git a/playwright/tests/sso_login.spec.ts b/playwright/tests/sso_login.spec.ts
index 14f7ff35..3c3e99f9 100644
--- a/playwright/tests/sso_login.spec.ts
+++ b/playwright/tests/sso_login.spec.ts
@@ -38,8 +38,7 @@ test('Non SSO login', async ({ page }) => {
 await expect(page).toHaveTitle(/Vaults/);
 });
-
-test('Non SSO login Failure', async ({ page, browser }, testInfo: TestInfo) => {
+test('Non SSO login impossible', async ({ page, browser }, testInfo: TestInfo) => {
 await utils.restartVaultwarden(page, testInfo, {
 SSO_ENABLED: true,
 SSO_ONLY: true
@@ -50,12 +49,8 @@ test('Non SSO login Failure', async ({ page, browser }, testInfo: TestInfo) => {
 await page.getByLabel(/Email address/).fill(users.user1.email);
 await page.getByRole('button', { name: 'Continue' }).click();
- // Unlock page
- await page.getByLabel('Master password').fill(users.user1.password);
- await page.getByRole('button', { name: 'Log in with master password' }).click();
-
- // An error should appear
- await page.getByLabel('SSO sign-in is required')
+ // No Master password
+ await expect(page.getByLabel('Master password')).toBeHidden();
 });
 test('No SSO login', async ({ page }, testInfo: TestInfo) => {
diff --git a/src/api/web.rs b/src/api/web.rs
index a96d7e2a..21e0ea5a 100644
--- a/src/api/web.rs
+++ b/src/api/web.rs
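Review bot: In `playwright/tests/sso_login.spec.ts`, the rewritten 'Non SSO login impossible' test now proves only that the master-password field is not visible. Per this commit's `{{#if sso_only}}` rule in `vaultwarden.scss.hbs` that is a CSS hide, so nothing in the test exercises the server's refusal of a password login when `SSO_ONLY` is set. The removed steps did submit the password, though the old `await page.getByLabel('SSO sign-in is required')` had no `expect` and so asserted nothing either. I would keep the new UI assertion and add a second test that sends a master-password login for `users.user1` straight to the server (for example through Playwright's `request` fixture) and expects it to be rejected, with a comment here such as `// UI check only: the field is hidden by CSS; server-side rejection is tested separately`. The test body between the two hunks is not visible, so this is based on the lines shown.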
@@ -89,14 +89,16 @@ fn vaultwarden_css() -> Cached> {
 });
 let css_options = json!({
- "web_vault_version": *WEB_VAULT_VERSION,
- "vw_version": *VW_VERSION,
- "signup_disabled": !CONFIG.signups_allowed() && CONFIG.signups_domains_whitelist().is_empty(),
- "mail_enabled": CONFIG.mail_enabled(),
- "yubico_enabled": CONFIG._enable_yubico() && (CONFIG.yubico_client_id().is_some() == CONFIG.yubico_secret_key().is_some()),
 "emergency_access_allowed": CONFIG.emergency_access_allowed(),
- "sends_allowed": CONFIG.sends_allowed(),
 "load_user_scss": true,
+ "mail_enabled": CONFIG.mail_enabled(),
+ "sends_allowed": CONFIG.sends_allowed(),
+ "signup_disabled": !CONFIG.signups_allowed() && CONFIG.signups_domains_whitelist().is_empty(),
+ "sso_disabled": !CONFIG.sso_enabled(),
+ "sso_only": CONFIG.sso_enabled() && CONFIG.sso_only(),
+ "vw_version": *VW_VERSION,
+ "web_vault_version": *WEB_VAULT_VERSION,
+ "yubico_enabled": CONFIG._enable_yubico() && (CONFIG.yubico_client_id().is_some() == CONFIG.yubico_secret_key().is_some()),
 });
 let scss = match CONFIG.render_template("scss/vaultwarden.scss", &css_options) {
diff --git a/src/static/templates/scss/vaultwarden.scss.hbs b/src/static/templates/scss/vaultwarden.scss.hbs
index 3fc3e70e..b3c41fab 100644
--- a/src/static/templates/scss/vaultwarden.scss.hbs
+++ b/src/static/templates/scss/vaultwarden.scss.hbs
@@ -20,11 +20,6 @@ a[href$="/settings/sponsored-families"] {
 @extend %vw-hide;
 }
-/* Hide the `Enterprise Single Sign-On` button on the login page */
-a[routerlink="/sso"] {
- @extend %vw-hide;
-}
-
 /* Hide Two-Factor menu in Organization settings */
 bit-nav-item[route="settings/two-factor"],
 a[href$="/settings/two-factor"] {
@@ -71,6 +66,20 @@ app-frontend-layout > app-login > form > div > div > div > p {
 }
 {{/if}}
+{{#if sso_only}}
+/* Hide Master password login */
+app-login form > div > div > div > div > div:has(button) {
+ @extend %vw-hide;
+}
+{{/if}}
+
+{{#if sso_disabled}}
+/* Hide the `Enterprise Single Sign-On` button on the login page */
+a[routerlink="/sso"] {
+ @extend %vw-hide;
+}
+{{/if}}
+
 /* Hide `Email` 2FA if mail is not enabled */
 {{#unless mail_enabled}}
 app-two-factor-setup ul.list-group.list-group-2fa li.list-group-item:nth-child(5) {
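Review bot: The new `{{#if sso_only}}` rule selects `app-login form > div > div > div > div > div:has(button)`, which pins the exact nesting depth of the web vault's login form and matches any container at that depth that holds a button. A web-vault update could therefore make it stop matching, so the master-password controls reappear, or make it match a different block in the same form. A browser without `:has()` support discards the whole rule, with the same visible result. Since the rule is cosmetic and enforcement has to come from the server, I would say so in the comment and record what the selector was checked against, e.g. `/* Cosmetic only, not an access control. Selector verified against web-vault <version>. */`. A narrower anchor would be preferable if the web vault exposes one for that block.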