Adds a global admin setting to hide the username/password form on the
login page, useful for deployments that rely solely on SSO/OIDC or
passkeys. The form defaults to enabled so existing deployments are
unaffected.
Changes:
- Add PASSWORD_LOGIN_ENABLED_KEY constant
- Add isPasswordLoginEnabled / setPasswordLoginEnabled to system service
(defaults to true when no DB record exists)
- Add GET/PUT /api/v1/system/password-login-status endpoints (GET
auth-gated for admin use; setting is exposed to the login page via
the existing getLoginOptions server function)
- Extend getLoginOptions to include passwordLoginEnabled
- Conditionally render the password login form in LoginPage
- Add "Enable password login" toggle in the admin System Settings tab,
next to "Enable new user registrations"
- Add corresponding entries to generated API client files
(types.gen.ts, sdk.gen.ts, @tanstack/react-query.gen.ts)
Closes#941