@kennethrioja
Contributor

Summary of changes

  • When default.feature.login_through_oidc_only is true and default.feature.invitation is false and default.feature.registration is false in config/tess.yml AND ONLY ONE external_api_keys.oidc is set up in config/secrets.yml:
    • A unique 'Log in' button in the nav bar is shown (default is a dropdown). I chose to make it a unique button for UX reasons, one click only instead of two.
    • When clicking on this button, the user must be redirected to the relevant third-party log in / SSO page.
    • For admin_user to still be able to log in, the /users/sign_in can still be reachable, showing a bigger log in button (which redirects to the SSO) and a hidden Admin log in form (as it is used by FAQs). I know it is not a FAQ per se, but the feature was useful in this context of hiding the Admin login form.

Files:

  • app/assets/stylesheets/application.scss: added the btn-oidc-only className for a bigger login button in the /users/sign_in page
  • app/helpers/application_helper.rb: added a method to avoid code duplication in app/views/layouts/_login_menu.html.erb
  • app/models/user.rb: I tweaked devise when the feature login_through_oidc_only == true, this way it will not be possible to register, to invite, to recover, to remember (compared to the registration feature)
  • app/views/devise/sessions/_omniauth_options.html.erb: I added a ternary to add the relevant classNames to the OIDC login button
  • app/views/devise/sessions/new.html.erb:
    • l.3-5: This is to avoid repetition with 'Log in' page and 'Log in' button
    • l.15-22: Here I added the in quotes 'faq' drop-down to hide the Admin login.
    • l.36-42: When the login_through_oidc_only feature is true, I do not render the devise links but instead finish the 'faq' tags.
  • app/views/layouts/_login_menu.html.erb:
    • l.1-5: in the menu we only show one Log in instead of the Log in 🔽 dropdown.
    • l.12: to avoid code duplication and to keep it readable I added a method in application_helpers.rb
  • config/locales/en.yml: added en.authentication.omniauth.admin for the hidden login form in /users/sign_in
  • config/tess.example.yml: rearranged default/feature/invitation and default/feature/registration, and added default/feature/login_through_oidc_only
  • test/controllers/static_controller_test.rb: to test if the Log in button is found when the feature is enabled
  • test/integration/login_test.rb: to test the modified users/sign_in page when the feature is enabled

Motivation and context

  • This unique way of login through CERN SSO was mandatory on my side, and it appeared that it could be useful for some TeSS instances. So here is the feature!

Checklist

  • I have read and followed the CONTRIBUTING guide.
  • I confirm that I have the authority necessary to make this contribution on behalf of its copyright owner and agree to license it to the TeSS codebase under the BSD license.

@kennethrioja changed the title from "Feature/UI: login though OIDC only" to "Feature: login though OIDC only" on Oct 9, 2025
collection_curation: true
spaces: false
invitation: false
registration: false
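
Review bot: the invitation and registration keys shown here carry no comment tying them to login_through_oidc_only, although the description says OIDC-only login applies only when both are false and exactly one external_api_keys.oidc entry is configured. A short comment next to these keys stating that dependency would keep an operator from turning on login_through_oidc_only alone and assuming local registration, invitation and password recovery are disabled.
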
Member

I think registration should be true by default

Member

Maybe we can just leave this page as it is since it is not accessible normally?
