feat: Control the allowed login methods via Super Admin (#12892)

- Control the allowed authentication methods for a chatwoot installation
via super admin configs. [SAML, Google Auth etc]
------
[Codex
Task](https://chatgpt.com/codex/tasks/task_e_6917d503b6e48326a261672c1de91462)

---------

Co-authored-by: Pranav <pranav@chatwoot.com>
Co-authored-by: Sivin Varghese <64252451+iamsivin@users.noreply.github.com>

enterprise/app/controllers/api/v1/accounts/saml_settings_controller.rb

@@ -1,4 +1,5 @@
 class Api::V1::Accounts::SamlSettingsController < Api::V1::Accounts::BaseController
+  before_action :check_saml_sso_enabled
   before_action :check_saml_feature_enabled
   before_action :check_authorization
   before_action :set_saml_settings
@@ -53,4 +54,10 @@ class Api::V1::Accounts::SamlSettingsController < Api::V1::Accounts::BaseControl
 
     render json: { error: I18n.t('errors.saml.feature_not_enabled') }, status: :forbidden
   end
+
+  def check_saml_sso_enabled
+    return if GlobalConfigService.load('ENABLE_SAML_SSO_LOGIN', 'true').to_s == 'true'
+
+    render json: { error: I18n.t('errors.saml.sso_not_enabled') }, status: :forbidden
+  end
 end

enterprise/app/controllers/api/v1/auth_controller.rb

@@ -3,6 +3,11 @@ class Api::V1::AuthController < Api::BaseController
   before_action :find_user_and_account, only: [:saml_login]
 
   def saml_login
+    unless saml_sso_enabled?
+      render json: { error: 'SAML SSO login is not enabled' }, status: :forbidden
+      return
+    end
+
     return if @account.nil?
 
     relay_state = params[:target] || 'web'
@@ -69,4 +74,8 @@ class Api::V1::AuthController < Api::BaseController
 
     "#{frontend_url}/app/login/sso#{query_fragment}"
   end
+
+  def saml_sso_enabled?
+    GlobalConfigService.load('ENABLE_SAML_SSO_LOGIN', 'true').to_s == 'true'
+  end
 end