Redirect to the only OAuth2 provider when no other login methods and fix various problems (#36901)

Fixes: #36846 1. When there is only on OAuth2 login method, automatically direct to it 2. Fix legacy problems in code, including: * Rename template filename and fix TODO comments * Fix legacy variable names * Add missing SSPI variable for template * Fix unnecessary layout, remove garbage styles * Only do AppUrl(ROOT_URL) check when it is needed (avoid unnecessary warnings to end users) --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-05-23 05:42:33 +09:00 · 2026-04-01 18:20:57 +05:30
parent ca8c71359c
commit 3ffccb8fe5
11 changed files with 116 additions and 58 deletions
--- a/templates/user/auth/external_auth_methods.tmpl
+++ b/templates/user/auth/external_auth_methods.tmpl
@@ -0,0 +1,18 @@
+<div id="external-login-navigator" class="tw-py-1 tw-flex tw-flex-col tw-gap-3">
+	{{range $provider := .OAuth2Providers}}
+		{{/* use QueryEscape for consistent with frontend urlQueryEscape, it is right for a path component */}}
+		<a class="ui button external-login-link tw-gap-3" data-require-appurl-check="true" rel="nofollow" href="{{AppSubUrl}}/user/oauth2/{{$provider.DisplayName | QueryEscape}}">
+			{{$provider.IconHTML 24}} {{ctx.Locale.Tr "sign_in_with_provider" $provider.DisplayName}}
+		</a>
+	{{end}}
+	{{if .EnableOpenIDSignIn}}
+		<a class="ui button external-login-link tw-gap-3" data-require-appurl-check="true" rel="nofollow" href="{{AppSubUrl}}/user/login/openid">
+			{{svg "fontawesome-openid" 24}} {{ctx.Locale.Tr "sign_in_with_provider" "OpenID"}}
+		</a>
+	{{end}}
+	{{if .EnableSSPI}}
+		<a class="ui button external-login-link tw-gap-3" rel="nofollow" href="{{AppSubUrl}}/user/login?auth_with_sspi=1">
+			{{svg "fontawesome-windows" 24}} Windows SSPI
+		</a>
+	{{end}}
+</div>
--- a/templates/user/auth/oauth_container.tmpl
+++ b/templates/user/auth/oauth_container.tmpl
@@ -1,24 +0,0 @@
-<div id="oauth2-login-navigator" class="tw-py-1">
-	<div class="tw-flex tw-flex-col tw-justify-center">
-		<div id="oauth2-login-navigator-inner" class="tw-flex tw-flex-col tw-flex-wrap tw-items-center tw-gap-2">
-			{{range $provider := .OAuth2Providers}}
-				<a class="{{$provider.Name}} ui button tw-flex tw-items-center tw-justify-center tw-py-2 tw-w-full oauth-login-link" href="{{AppSubUrl}}/user/oauth2/{{$provider.DisplayName}}">
-					{{$provider.IconHTML 28}}
-					{{ctx.Locale.Tr "sign_in_with_provider" $provider.DisplayName}}
-				</a>
-			{{end}}
-			{{if .EnableOpenIDSignIn}}
-				<a class="openid ui button tw-flex tw-items-center tw-justify-center tw-py-2 tw-w-full" href="{{AppSubUrl}}/user/login/openid">
-				{{svg "fontawesome-openid" 28 "tw-mr-2"}}
-				{{ctx.Locale.Tr "sign_in_with_provider" "OpenID"}}
-				</a>
-			{{end}}
-			{{if .EnableSSPI}}
-				<a class="ui button tw-flex tw-items-center tw-justify-center tw-py-2 tw-w-full" rel="nofollow" href="{{AppSubUrl}}/user/login?auth_with_sspi=1">
-					{{svg "fontawesome-windows"}}
-					&nbsp;SSPI
-				</a>
-			{{end}}
-		</div>
-	</div>
-</div>
--- a/templates/user/auth/signin_inner.tmpl
+++ b/templates/user/auth/signin_inner.tmpl
@@ -46,14 +46,13 @@
 				</button>
 			</div>
 		</form>
-		{{end}}{{/*if .EnablePasswordSignInForm*/}}
-		{{/* "oauth_container" contains not only "oauth2" methods, but also "OIDC" and "SSPI" methods */}}
-		{{$showOAuth2Methods := or .OAuth2Providers .EnableOpenIDSignIn .EnableSSPI}}
-		{{if and $showOAuth2Methods .EnablePasswordSignInForm}}
+		{{end}}{{/*end if .EnablePasswordSignInForm*/}}
+		{{$showExternalAuthMethods := or .OAuth2Providers .EnableOpenIDSignIn .EnableSSPI}}
+		{{if and $showExternalAuthMethods .EnablePasswordSignInForm}}
 			<div class="divider divider-text">{{ctx.Locale.Tr "sign_in_or"}}</div>
 		{{end}}
-		{{if $showOAuth2Methods}}
-			{{template "user/auth/oauth_container" .}}
+		{{if $showExternalAuthMethods}}
+			{{template "user/auth/external_auth_methods" .}}
 		{{end}}
 	</div>
 </div>
--- a/templates/user/auth/signup_inner.tmpl
+++ b/templates/user/auth/signup_inner.tmpl
@@ -49,12 +49,10 @@
 					</button>
 				</div>
 			{{end}}
-			{{/* "oauth_container" contains not only "oauth2" methods, but also "OIDC" and "SSPI" methods */}}
-			{{/* TODO: it seems that "EnableSSPI" is only set in "sign-in" handlers, but it should use the same logic to control its display */}}
-			{{$showOAuth2Methods := or .OAuth2Providers .EnableOpenIDSignIn .EnableSSPI}}
-			{{if $showOAuth2Methods}}
+			{{$showExternalAuthMethods := or .OAuth2Providers .EnableOpenIDSignIn .EnableSSPI}}
+			{{if $showExternalAuthMethods}}
 				<div class="divider divider-text">{{ctx.Locale.Tr "sign_in_or"}}</div>
-				{{template "user/auth/oauth_container" .}}
+				{{template "user/auth/external_auth_methods" .}}
 			{{end}}
 		</form>
 	</div>