Adds a global admin setting to hide the username/password form on the
login page, useful for deployments that rely solely on SSO/OIDC or
passkeys. The form defaults to enabled so existing deployments are
unaffected.
Changes:
- Add PASSWORD_LOGIN_ENABLED_KEY constant
- Add isPasswordLoginEnabled / setPasswordLoginEnabled to system service
(defaults to true when no DB record exists)
- Add GET/PUT /api/v1/system/password-login-status endpoints (GET
auth-gated for admin use; setting is exposed to the login page via
the existing getLoginOptions server function)
- Extend getLoginOptions to include passwordLoginEnabled
- Conditionally render the password login form in LoginPage
- Add "Enable password login" toggle in the admin System Settings tab,
next to "Enable new user registrations"
- Add corresponding entries to generated API client files
(types.gen.ts, sdk.gen.ts, @tanstack/react-query.gen.ts)
Closes#941
* fix: block login for 2fa users with un-verified passkeys
* refactor(passkey): show proper login error
* refactor: show passkey generic error on all failures
* feat: edit repository form
* refactor: local repo path concat as a code migration
* refactor: server constants
* chore: fix lint issue in test file
* refactor: add auth to getServerConstants