From b52204817d477384d525907f804be3237b5f4bff Mon Sep 17 00:00:00 2001
From: Julien Fontanet <julien.fontanet@isonoe.net>
Date: Tue, 26 Nov 2019 13:27:13 +0100
Subject: [PATCH] feat(xo-server): configurable sign in page (#4678)

See xoa-support#1940
---
 CHANGELOG.unreleased.md         | 1 +
 packages/xo-server/config.toml  | 6 ++++++
 packages/xo-server/src/index.js | 2 +-
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.unreleased.md b/CHANGELOG.unreleased.md
index 3ce4b56d5..c7fade146 100644
--- a/CHANGELOG.unreleased.md
+++ b/CHANGELOG.unreleased.md
@@ -9,6 +9,7 @@
 
 - [Backup NG] Make report recipients configurable in the backup settings [#4581](https://github.com/vatesfr/xen-orchestra/issues/4581) (PR [#4646](https://github.com/vatesfr/xen-orchestra/pull/4646))
 - [SAML] Setting to disable requested authentication context (helps with _Active Directory_) (PR [#4675](https://github.com/vatesfr/xen-orchestra/pull/4675))
+- The default sign-in page can be configured via `authentication.defaultSignInPage` (PR [#4678](https://github.com/vatesfr/xen-orchestra/pull/4678))
 
 ### Bug fixes
 
diff --git a/packages/xo-server/config.toml b/packages/xo-server/config.toml
index 43c2cbd9a..78a60e2cf 100644
--- a/packages/xo-server/config.toml
+++ b/packages/xo-server/config.toml
@@ -50,6 +50,12 @@ maxTokenValidity = '0.5 year'
 # https://developer.mozilla.org/fr/docs/Web/HTTP/Headers/Set-Cookie#Session_cookie
 #sessionCookieValidity = '10 hours'
 
+# This is the page where unauthenticated users will be redirected to.
+#
+# For instance, it can be changed to `/signin/saml` if that's the provider that
+# should be used by default.
+defaultSignInPage = '/signin'
+
 [backup]
 # Delay for which backups listing on a remote is cached
 listingDebounce = '1 min'
diff --git a/packages/xo-server/src/index.js b/packages/xo-server/src/index.js
index f134678b0..c710a5df2 100644
--- a/packages/xo-server/src/index.js
+++ b/packages/xo-server/src/index.js
@@ -237,7 +237,7 @@ async function setUpPassport(express, xo, { authentication: authCfg }) {
       next()
     } else {
       req.flash('return-url', url)
-      return res.redirect('/signin')
+      return res.redirect(authCfg.defaultSignInPage)
     }
   })