Skip to content

Improve the login recovery state when credentials are not configured #212

Description

@cmsjade5000

Problem

When the live login form reaches the Login credentials are not configured. path, the page fails closed correctly, but the user-facing recovery state is thin. The profile picker markup is still present in the page, yet visually hidden until unlock, and the error does not point a self-hosted admin toward the setup/recovery path.

This is good self-hosting polish: the security behavior should stay strict, but the UI should explain what happened and what a maintainer can safely do next.

Suggested Scope

  • Update templates/login.html and/or the login view context so the missing-credentials state has a clear, actionable message.
  • Consider hiding or disabling profile-pick forms when credentials are unavailable, so the page does not imply that choosing a profile can work.
  • Point users toward the appropriate first-run setup or maintainer recovery documentation without exposing secrets or local paths.
  • Keep the existing fail-closed behavior in api/routers/ui/login.py intact.

Files or Areas

  • api/routers/ui/login.py
  • templates/login.html
  • static/css/login.css
  • tests/test_login.py
  • Optional docs: README.md, docs/power-outage-recovery.md, or a small self-hosting note if needed

Acceptance Criteria

  • The login page clearly distinguishes invalid credentials from missing/unconfigured credentials.
  • The missing-credentials state does not present profile buttons as if they are usable.
  • No .env values, credential hints, database contents, local paths, or logs are rendered.
  • Existing tests for test_login_fails_closed_when_credentials_missing still pass.
  • Add or update a focused test that asserts the missing-credentials page includes the recovery copy and does not expose an actionable profile picker.

Verification

  • pytest tests/test_login.py
  • Optional visual check: open /login, force the missing credential configuration in a test/dev environment, and confirm the recovery state is understandable.

Contributor Notes

First-time contributors are welcome to fork the repository and open a pull request that links this issue. Please keep the change focused on the missing-credentials user experience; avoid changing authentication policy, secret handling, or deployment scripts unless a maintainer asks for that in review.

Metadata

Metadata

Assignees

No one assigned

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions