refactor(auth): post-review tidy — drop @NotNull, refresh e2e comment, use oidc.primary

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
hsiegeln
2026-04-26 19:48:20 +02:00
parent 71688dea16
commit 45b5f473c9
3 changed files with 8 additions and 8 deletions


@@ -1,7 +1,6 @@
package com.cameleer.server.app.dto;
import io.swagger.v3.oas.annotations.media.Schema;
import jakarta.validation.constraints.NotNull;
@Schema(description = "Authentication capabilities reported to the SPA so it can render the login page deterministically")
public record AuthCapabilitiesResponse(
@@ -12,7 +11,7 @@ public record AuthCapabilitiesResponse(
@Schema(description = "OIDC interactive login")
public record Oidc(
@Schema(description = "Whether OIDC is configured AND enabled") boolean enabled,
@Schema(description = "Best-effort display label, e.g. \"Logto\", \"Keycloak\", \"Single Sign-On\"") @NotNull String providerName,
@Schema(description = "Best-effort display label, e.g. \"Logto\", \"Keycloak\", \"Single Sign-On\"") String providerName,
@Schema(description = "When true, OIDC is the canonical entry point and the SPA hides the local form unless ?local is set") boolean primary
) {}
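Review bot: With `@NotNull` removed, nothing on `providerName` in the `Oidc` record states whether the field may be null, so the generated API description presumably no longer tells clients either way. The login page in this commit already falls back with `caps?.oidc?.providerName || 'Single Sign-On'`, which suggests null or empty is an expected value. If so, say it in the annotation, e.g. by appending "; may be null" to the description and adding `nullable = true` to that `@Schema`. `AuthCapabilitiesResponse` begins and ends outside the visible hunks.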


@@ -52,14 +52,14 @@ export function LoginPage() {
if (isAuthenticated) return <Navigate to="/" replace />;
if (capsLoading) return null;
const oidcEnabled = caps?.oidc?.enabled === true;
const oidcPrimary = caps?.oidc?.primary === true;
const adminRecoveryOnly = caps?.localAccounts?.adminRecoveryOnly === true;
const providerName = caps?.oidc?.providerName || 'Single Sign-On';
// Render decisions
const showSsoPrimary = oidcEnabled && adminRecoveryOnly && !forceLocal;
const showLocalForm = !oidcEnabled || forceLocal || !adminRecoveryOnly || capsFailed;
const showAdminRecoveryBanner = oidcEnabled && adminRecoveryOnly && forceLocal;
const showSsoPrimary = oidcPrimary && adminRecoveryOnly && !forceLocal;
const showLocalForm = !oidcPrimary || forceLocal || !adminRecoveryOnly || capsFailed;
const showAdminRecoveryBanner = oidcPrimary && adminRecoveryOnly && forceLocal;
const handleSubmit = (e: FormEvent) => {
e.preventDefault();
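Review bot: The `adminRecoveryOnly` terms in `showSsoPrimary` and `showLocalForm` do not match the contract the DTO in this same commit documents for `primary` ("the SPA hides the local form unless ?local is set"): with `primary` true and `adminRecoveryOnly` false, `showLocalForm` is still true and `showSsoPrimary` is false. If the server already derives `primary` from the recovery-only setting, the extra terms are redundant and could be dropped, e.g. `const showSsoPrimary = oidcPrimary && !forceLocal;`; otherwise the schema description should be corrected. `forceLocal` appears to come from the `?local` query parameter, so these flags only decide what is rendered and the recovery-only restriction has to be enforced by the login endpoint; a comment such as `// UI only: the server must reject non-recovery local logins` above `// Render decisions` would record that. `oidcEnabled` is no longer read in the visible lines, but `LoginPage` continues outside the hunk, so it may still be used there.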


@@ -19,8 +19,9 @@ type Fixtures = {
export const test = base.extend<Fixtures>({
loggedIn: [
async ({ page }, use) => {
// `?local` keeps the login page's auto-OIDC-redirect from firing so the
// form-based login works even when an OIDC config happens to be present.
// Navigate to ?local to bypass the SSO-primary page and reach the local
// form directly, so the fixture works regardless of whether OIDC is
// configured on the test server.
await page.goto('/login?local');
await page.getByLabel(/username/i).fill(ADMIN_USER);
await page.getByLabel(/password/i).fill(ADMIN_PASS);