Enforce `hide_login_form` server-side

[dseomn]

How to use GitHub

• Please use the 👍 reaction to show that you are interested into the same feature.
• Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
• Subscribe to receive notifications on status change and new comments.

Is your feature request related to a problem? Please describe.

As far as I can tell, the hide_login_form config parameter is purely cosmetic. It hides the login form, but doesn't disable it on the server.

Describe the solution you'd like

Either enforce hide_login_form on the server, or add a new config parameter to do that.

Describe alternatives you've considered

Locking the passwords of all users (similar to using a crypted hash of ! in /etc/shadow) would work too, but I don't see a way to lock a password, only to change it.

Additional context

I used to use password+U2F to log in, but I'm trying to switch to the oidc_login plugin. I don't want to leave additional login mechanisms around after switching.

[ReimarBauer]

seems the hide_login_form feature does not remove in 24.0.5 the login button from the view.

[adamzvolanek]

Looks like this issue is still present in 26.0.2