feat(EE): LDAP integration (#1515)

* LDAP - WIP * WIP * add hasGeneratedPassword * fix jotai atom * - don't require password confirmation for MFA is user has auto generated password (LDAP) - cleanups * fix * reorder * update migration * update default * fix type error
2026-05-18 23:44:24 +08:00 · 2025-09-02 04:59:01 +01:00
parent 5968764508
commit dcbb65d799
29 changed files with 723 additions and 90 deletions
@@ -25,23 +25,30 @@ import { regenerateBackupCodes } from "@/ee/mfa";
 import { useForm } from "@mantine/form";
 import { zodResolver } from "mantine-form-zod-resolver";
 import { z } from "zod";
+import useCurrentUser from "@/features/user/hooks/use-current-user";

 interface MfaBackupCodesModalProps {
  opened: boolean;
  onClose: () => void;
 }

-const formSchema = z.object({
-  confirmPassword: z.string().min(1, { message: "Password is required" }),
-});
-
 export function MfaBackupCodesModal({
  opened,
  onClose,
 }: MfaBackupCodesModalProps) {
  const { t } = useTranslation();
+  const { data: currentUser } = useCurrentUser();
  const [backupCodes, setBackupCodes] = useState<string[]>([]);
  const [showNewCodes, setShowNewCodes] = useState(false);
+  const requiresPassword = !currentUser?.user?.hasGeneratedPassword;
+
+  const formSchema = requiresPassword
+    ? z.object({
+        confirmPassword: z.string().min(1, { message: "Password is required" }),
+      })
+    : z.object({
+        confirmPassword: z.string().optional(),
+      });

  const form = useForm({
    validate: zodResolver(formSchema),
@@ -51,7 +58,7 @@ export function MfaBackupCodesModal({
  });

  const regenerateMutation = useMutation({
-    mutationFn: (data: { confirmPassword: string }) =>
+    mutationFn: (data: { confirmPassword?: string }) =>
      regenerateBackupCodes(data),
    onSuccess: (data) => {
      setBackupCodes(data.backupCodes);
@@ -73,8 +80,12 @@ export function MfaBackupCodesModal({
    },
  });

-  const handleRegenerate = (values: { confirmPassword: string }) => {
-    regenerateMutation.mutate(values);
+  const handleRegenerate = (values: { confirmPassword?: string }) => {
+    // Only send confirmPassword if it's required (non-SSO users)
+    const payload = requiresPassword
+      ? { confirmPassword: values.confirmPassword }
+      : {};
+    regenerateMutation.mutate(payload);
  };

  const handleClose = () => {
@@ -114,12 +125,16 @@ export function MfaBackupCodesModal({
                )}
              </Text>

-              <PasswordInput
-                label={t("Confirm password")}
-                placeholder={t("Enter your password")}
-                variant="filled"
-                {...form.getInputProps("confirmPassword")}
-              />
+              {requiresPassword && (
+                <PasswordInput
+                  label={t("Confirm password")}
+                  placeholder={t("Enter your password")}
+                  variant="filled"
+                  {...form.getInputProps("confirmPassword")}
+                  autoFocus
+                  data-autofocus
+                />
+              )}

              <Button
                type="submit"