feat: Add configurable password change toggle via system.allow_change_password (#1869)

* Initial plan * Add password change toggle feature with config flag Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com> * Feature implementation complete and validated Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com> * chore: remove lock --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com> Co-authored-by: Junyan Qin <rockchinq@gmail.com>
2026-06-04 21:06:03 +00:00 · 2025-12-18 15:14:03 +08:00
parent 16c1e9edd1
commit ae772074a1
6 changed files with 32 additions and 17 deletions
--- a/src/langbot/pkg/api/http/controller/groups/system.py
+++ b/src/langbot/pkg/api/http/controller/groups/system.py
@@ -23,6 +23,9 @@ class SystemRouterGroup(group.RouterGroup):
                        if 'cloud_service_url' in self.ap.instance_config.data.get('plugin', {})
                        else 'https://space.langbot.app'
                    ),
+                    'allow_change_password': self.ap.instance_config.data.get('system', {}).get(
+                        'allow_change_password', True
+                    ),
                }
            )

--- a/src/langbot/pkg/api/http/controller/groups/user.py
+++ b/src/langbot/pkg/api/http/controller/groups/user.py
@@ -70,6 +70,13 @@ class UserRouterGroup(group.RouterGroup):

        @self.route('/change-password', methods=['POST'], auth_type=group.AuthType.USER_TOKEN)
        async def _(user_email: str) -> str:
+            # Check if password change is allowed
+            allow_change_password = self.ap.instance_config.data.get('system', {}).get(
+                'allow_change_password', True
+            )
+            if not allow_change_password:
+                return self.http_status(403, -1, 'Password change is disabled')
+
            json_data = await quart.request.json

            current_password = json_data['current_password']
--- a/src/langbot/templates/config.yaml
+++ b/src/langbot/templates/config.yaml
@@ -16,6 +16,7 @@ proxy:
    https: ''
 system:
    recovery_key: ''
+    allow_change_password: true
    jwt:
        expire: 604800
        secret: ''
--- a/web/src/app/home/components/home-sidebar/HomeSidebar.tsx
+++ b/web/src/app/home/components/home-sidebar/HomeSidebar.tsx
@@ -299,24 +299,26 @@ export default function HomeSidebar({
                </svg>
                {t('common.helpDocs')}
              </Button>
-              <Button
-                variant="ghost"
-                className="w-full justify-start font-normal"
-                onClick={() => {
-                  setPasswordChangeOpen(true);
-                  setPopoverOpen(false);
-                }}
-              >
-                <svg
-                  xmlns="http://www.w3.org/2000/svg"
-                  viewBox="0 0 24 24"
-                  fill="currentColor"
-                  className="w-4 h-4 mr-2"
+              {systemInfo?.allow_change_password && (
+                <Button
+                  variant="ghost"
+                  className="w-full justify-start font-normal"
+                  onClick={() => {
+                    setPasswordChangeOpen(true);
+                    setPopoverOpen(false);
+                  }}
                >
-                  <path d="M6 8V7C6 3.68629 8.68629 1 12 1C15.3137 1 18 3.68629 18 7V8H20C20.5523 8 21 8.44772 21 9V21C21 21.5523 20.5523 22 20 22H4C3.44772 22 3 21.5523 3 21V9C3 8.44772 3.44772 8 4 8H6ZM19 10H5V20H19V10ZM11 15.7324C10.4022 15.3866 10 14.7403 10 14C10 12.8954 10.8954 12 12 12C13.1046 12 14 12.8954 14 14C14 14.7403 13.5978 15.3866 13 15.7324V18H11V15.7324ZM8 8H16V7C16 4.79086 14.2091 3 12 3C9.79086 3 8 4.79086 8 7V8Z"></path>
-                </svg>
-                {t('common.changePassword')}
-              </Button>
+                  <svg
+                    xmlns="http://www.w3.org/2000/svg"
+                    viewBox="0 0 24 24"
+                    fill="currentColor"
+                    className="w-4 h-4 mr-2"
+                  >
+                    <path d="M6 8V7C6 3.68629 8.68629 1 12 1C15.3137 1 18 3.68629 18 7V8H20C20.5523 8 21 8.44772 21 9V21C21 21.5523 20.5523 22 20 22H4C3.44772 22 3 21.5523 3 21V9C3 8.44772 3.44772 8 4 8H6ZM19 10H5V20H19V10ZM11 15.7324C10.4022 15.3866 10 14.7403 10 14C10 12.8954 10.8954 12 12 12C13.1046 12 14 12.8954 14 14C14 14.7403 13.5978 15.3866 13 15.7324V18H11V15.7324ZM8 8H16V7C16 4.79086 14.2091 3 12 3C9.79086 3 8 4.79086 8 7V8Z"></path>
+                  </svg>
+                  {t('common.changePassword')}
+                </Button>
+              )}
              <Button
                variant="ghost"
                className="w-full justify-start font-normal"
--- a/web/src/app/infra/entities/api/index.ts
+++ b/web/src/app/infra/entities/api/index.ts
@@ -235,6 +235,7 @@ export interface ApiRespSystemInfo {
  version: string;
  cloud_service_url: string;
  enable_marketplace: boolean;
+  allow_change_password: boolean;
 }

 export interface ApiRespPluginSystemStatus {
--- a/web/src/app/infra/http/index.ts
+++ b/web/src/app/infra/http/index.ts
@@ -8,6 +8,7 @@ export let systemInfo: ApiRespSystemInfo = {
  version: '',
  enable_marketplace: true,
  cloud_service_url: '',
+  allow_change_password: true,
 };

 /**