Feature: Add "Authentication Method" to allow existing users to sign in with LDAP (#2143)

* adds authentication method for users

* fix db migration with postgres

* tests for auth method

* update migration ids

* hide auth method on user creation form

* (docs): Added documentation for the new authentication method

* update migration

* add  to auto-form instead of having hidden fields

docs/docs/documentation/getting-started/installation/backend-config.md

@@ -17,7 +17,6 @@
 | TZ            |          UTC          | Must be set to get correct date/time on the server                                  |
 | ALLOW_SIGNUP  |         true          | Allow user sign-up without token (should match frontend env)                        |
 
-
 ### Security
 
 | Variables                   | Default | Description                                                                         |
@@ -36,7 +35,6 @@
 | POSTGRES_PORT     |   5432   | Postgres database port           |
 | POSTGRES_DB       |  mealie  | Postgres database name           |
 
-
 ### Email
 
 | Variables          | Default | Description                                       |
@@ -50,6 +48,7 @@
 | SMTP_PASSWORD      |  None   | Required if SMTP_AUTH_STRATEGY is 'TLS' or 'SSL'  |
 
 ### Webworker
+
 Changing the webworker settings may cause unforeseen memory leak issues with Mealie. It's best to leave these at the defaults unless you begin to experience issues with multiple users. Exercise caution when changing these settings
 
 | Variables        | Default | Description                                                                                                                       |
@@ -59,9 +58,9 @@ Changing the webworker settings may cause unforeseen memory leak issues with Mea
 | MAX_WORKERS      |    1    | Set the maximum number of workers to use. Default is not set meaning unlimited. More info [here][max_workers]                     |
 | WEB_CONCURRENCY  |    1    | Override the automatic definition of number of workers. More info [here][web_concurrency]                                         |
 
-
 ### LDAP
 
+<!-- prettier-ignore -->
 | Variables           | Default | Description                                                                                                        |
 | ------------------- | :-----: | ------------------------------------------------------------------------------------------------------------------ |
 | LDAP_AUTH_ENABLED   |  False  | Authenticate via an external LDAP server in addidion to built-in Mealie auth                                       |
@@ -71,7 +70,7 @@ Changing the webworker settings may cause unforeseen memory leak issues with Mea
 | LDAP_BASE_DN        |  None   | Starting point when searching for users authentication (e.g. `CN=Users,DC=xx,DC=yy,DC=de`)                         |
 | LDAP_QUERY_BIND     |  None   | A bind user for LDAP search queries (e.g. `cn=admin,cn=users,dc=example,dc=com`)                                   |
 | LDAP_QUERY_PASSWORD |  None   | The password for the bind user used in LDAP_QUERY_BIND                                                             |
-| LDAP_USER_FILTER    |  None   | The LDAP search filter to find users (e.g. `(&(                                                                    | ({id_attribute}={input})({mail_attribute}={input}))(objectClass=person))`).<br/> **Note** `id_attribute` and `mail_attribute` will be replaced with `LDAP_ID_ATTRIBUTE` and `LDAP_MAIL_ATTRIBUTE`, respectively. `input` will be replaced with either the username or email the user logs in with. |
+| LDAP_USER_FILTER    |  None   |  The LDAP search filter to find users (e.g. `(&(|({id_attribute}={input})({mail_attribute}={input}))(objectClass=person))`).<br/> **Note** `id_attribute` and `mail_attribute` will be replaced with `LDAP_ID_ATTRIBUTE` and `LDAP_MAIL_ATTRIBUTE`, respectively. `input` will be replaced with either the username or email the user logs in with.                                                                                                                  |
 | LDAP_ADMIN_FILTER   |  None   | Optional LDAP filter, which tells Mealie the LDAP user is an admin (e.g. `(memberOf=cn=admins,dc=example,dc=com)`) |
 | LDAP_ID_ATTRIBUTE   |   uid   | The LDAP attribute that maps to the user's id                                                                      |
 | LDAP_NAME_ATTRIBUTE |  name   | The LDAP attribute that maps to the user's name                                                                    |

docs/docs/documentation/getting-started/usage/ldap.md

@@ -0,0 +1,8 @@
+# LDAP Authentication
+
+If LDAP is enabled and [configured properly](../installation/backend-config.md), users will be able to log in with their LDAP credentials. If the user does not already have an account in Mealie, then one will be created.
+
+If the user already has an account in Mealie and wants to use their LDAP credentials instead, then you can go to the **User Management** page in the admin panel and change the "Authentication Backend" from `Mealie` to `LDAP`. If for whatever reason, the user no longer wants to use LDAP authentication, then you can switch this back to `Mealie`.
+
+!!! warning "Head's Up"
+    If you switch a user from `LDAP` to `Mealie` who was initially created by LDAP, then the user will have to reset their password through the password reset flow.

docs/mkdocs.yml

@@ -75,6 +75,7 @@ nav:
           - Backend Configuration: "documentation/getting-started/installation/backend-config.md"
       - Usage:
           - Backup and Restoring: "documentation/getting-started/usage/backups-and-restoring.md"
+          - LDAP Authentication: "documentation/getting-started/usage/ldap.md"
 
       - Community Guides:
           - iOS Shortcuts: "documentation/community-guide/ios.md"