feat: Add option to disable builtin authentication.

Setting ENABLE_INTERNAL_SIGNIN to false will disable the built-in
signin form, should the administrator prefer to limit users to SSO.

Continuation of forgejo/forgejo#6076

tests/integration/signin_test.go

@@ -12,6 +12,7 @@ import (
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/test"
 	"code.gitea.io/gitea/modules/translation"
 	"code.gitea.io/gitea/tests"
 
@@ -93,3 +94,44 @@ func TestSigninWithRememberMe(t *testing.T) {
 	req = NewRequest(t, "GET", "/user/settings")
 	session.MakeRequest(t, req, http.StatusOK)
 }
+
+func TestDisableSignin(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+	t.Run("Disabled", func(t *testing.T) {
+		defer test.MockVariableValue(&setting.Service.EnableInternalSignIn, false)()
+
+		t.Run("UI", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			req := NewRequest(t, "GET", "/user/login")
+			resp := MakeRequest(t, req, http.StatusOK)
+			htmlDoc := NewHTMLParser(t, resp.Body)
+			htmlDoc.AssertElement(t, "form[action='/user/login']", false)
+		})
+
+		t.Run("Signin", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			req := NewRequest(t, "POST", "/user/login")
+			MakeRequest(t, req, http.StatusForbidden)
+		})
+	})
+
+	t.Run("Enabled", func(t *testing.T) {
+		defer test.MockVariableValue(&setting.Service.EnableInternalSignIn, true)()
+
+		t.Run("UI", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			req := NewRequest(t, "GET", "/user/login")
+			resp := MakeRequest(t, req, http.StatusOK)
+			htmlDoc := NewHTMLParser(t, resp.Body)
+			htmlDoc.AssertElement(t, "form[action='/user/login']", true)
+		})
+
+		t.Run("Signin", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			req := NewRequest(t, "POST", "/user/login")
+			MakeRequest(t, req, http.StatusOK)
+		})
+	})
+}