feat: add dedicated sign-up config for oauth (#13610)

Currently, it is only possible to disable all registrations. However, it
would be helpful if you could disable normal registration but enable
OAuth registration.

## Summary by CodeRabbit

* **New Features**
  * Added a setting to enable/disable new user signups via OAuth (default:
    enabled).
  * Admin Settings (Authentication) now includes a toggle for OAuth
    signups.
  * OAuth signup flow now respects this setting, preventing new
    registrations via OAuth when disabled.
  * Self-hosted configuration schema updated to include the new option.

---------

Signed-off-by: Hudint Finn Weigand <dev@hudint.de>
Co-authored-by: DarkSky <darksky2048@gmail.com>
Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
Finn Weigand 2025-09-21 17:38:25 +02:00 committed by GitHub
parent 21bb8142b0
commit 363f64ebfa
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 16 additions and 1 deletions

@ -148,6 +148,11 @@
"description": "Whether allow new registrations.\n@default true",
"default": true
},
"allowSignupForOauth": {
"type": "boolean",
"description": "Whether allow new registrations via configured oauth.\n@default true",
"default": true
},
"requireEmailDomainVerification": {
"type": "boolean",
"description": "Whether require email domain record verification before accessing restricted resources.\n@default false",

@ -8,6 +8,7 @@ export interface AuthConfig {
ttr: number;
};
allowSignup: boolean;
allowSignupForOauth: boolean;
requireEmailDomainVerification: boolean;
requireEmailVerification: boolean;
passwordRequirements: ConfigItem<{
@ -27,6 +28,10 @@ defineModuleConfig('auth', {
desc: 'Whether allow new registrations.',
default: true,
},
allowSignupForOauth: {
desc: 'Whether allow new registrations via configured oauth.',
default: true,
},
requireEmailDomainVerification: {
desc: 'Whether require email domain record verification before accessing restricted resources.',
default: false,
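
Review bot: `default: true` on the added `allowSignupForOauth` entry changes behaviour on upgrade for instances that already run with `allowSignup: false`. Because the OAuth controller now checks only the new flag, such an instance starts accepting new accounts through its configured OAuth providers until an admin turns the new option off. Suggest falling back to the value of `allowSignup` when `allowSignupForOauth` has not been set explicitly, or at minimum calling this out in the upgrade notes so a closed-registration deployment does not reopen silently.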

@ -224,7 +224,7 @@ export class OAuthController {
return connectedAccount.user;
}
if (!this.config.auth.allowSignup) {
if (!this.config.auth.allowSignupForOauth) {
throw new SignUpForbidden();
}
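
Review bot: The replaced condition drops `allowSignup` from this branch entirely, so the guard in front of OAuth account creation now rests on one flag, and none of the five changed files shown adds a test for it. Suggest a controller test covering both combinations: `allowSignup: false` with `allowSignupForOauth: true` does not throw, and `allowSignupForOauth: false` throws `SignUpForbidden` for an unknown account while an existing `connectedAccount` still returns its user. A short comment at this check noting that `allowSignup` is intentionally not consulted would also help the next reader.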

@ -63,6 +63,10 @@
"type": "Boolean",
"desc": "Whether allow new registrations."
},
"allowSignupForOauth": {
"type": "Boolean",
"desc": "Whether allow new registrations via configured oauth."
},
"requireEmailDomainVerification": {
"type": "Boolean",
"desc": "Whether require email domain record verification before accessing restricted resources."

@ -55,6 +55,7 @@ export const KNOWN_CONFIG_GROUPS = [
module: 'auth',
fields: [
'allowSignup',
'allowSignupForOauth',
// nested json object
{
key: 'passwordRequirements',