feat: Control the allowed login methods via Super Admin (#12892)

- Control the allowed authentication methods for a chatwoot installation via super admin configs. [SAML, Google Auth etc] ------ [Codex Task](https://chatgpt.com/codex/tasks/task_e_6917d503b6e48326a261672c1de91462) --------- Co-authored-by: Pranav <pranav@chatwoot.com> Co-authored-by: Sivin Varghese <64252451+iamsivin@users.noreply.github.com>
2025-11-17 21:55:12 -08:00
parent 5b56f64838
commit 77f492590e
14 changed files with 107 additions and 14 deletions
--- a/app/models/installation_config.rb
+++ b/app/models/installation_config.rb
@@ -23,6 +23,7 @@ class InstallationConfig < ApplicationRecord

  before_validation :set_lock
  validates :name, presence: true
+  validate :saml_sso_users_check, if: -> { name == 'ENABLE_SAML_SSO_LOGIN' }

  # TODO: Get rid of default scope
  # https://stackoverflow.com/a/1834250/939299
@@ -54,4 +55,11 @@ class InstallationConfig < ApplicationRecord
  def clear_cache
    GlobalConfig.clear_cache
  end
+
+  def saml_sso_users_check
+    return unless value == false || value == 'false'
+    return unless User.exists?(provider: 'saml')
+
+    errors.add(:base, 'Cannot disable SAML SSO login while users are using SAML authentication')
+  end
 end