From 2d45e04a906f76749654e05a67bc5e1a1944112a Mon Sep 17 00:00:00 2001 From: Igor Scheller Date: Fri, 3 Dec 2021 23:00:37 +0100 Subject: [PATCH] Added option to allow sso account creation even if public registration is disabled --- config/config.default.php | 4 +++- includes/pages/guest_login.php | 5 ++++- src/Controllers/OAuthController.php | 19 ++++++++++++++----- .../Unit/Controllers/OAuthControllerTest.php | 1 + 4 files changed, 22 insertions(+), 7 deletions(-) diff --git a/config/config.default.php b/config/config.default.php index a9963288..c3cc956c 100644 --- a/config/config.default.php +++ b/config/config.default.php @@ -99,12 +99,14 @@ return [ 'first_name' => 'first-name', // Info last name field (optional) 'last_name' => 'last-name', - // User URL to provider, shown on provider settings page (optional) + // User URL to provider, linked on provider settings page (optional) 'url' => '[provider page]', // Only show after clicking the page title (optional) 'hidden' => false, // Mark user as arrived when using this provider (optional) 'mark_arrived' => false, + // Allow registration even if disabled in config (optional) + 'allow_registration' => null, // Auto join teams // Info groups field (optional) 'groups' => 'groups', diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index 370e15a5..8c618aa2 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -74,7 +74,10 @@ function guest_register() } } - if (!auth()->can('register') || (!$authUser && !config('registration_enabled'))) { + if ( + !auth()->can('register') + || (!$authUser && !config('registration_enabled') && !$session->get('oauth2_allow_registration')) + ) { error(__('Registration is disabled.')); return page_with_title(register_title(), [ diff --git a/src/Controllers/OAuthController.php b/src/Controllers/OAuthController.php index 06542ad5..4b18b360 100644 --- a/src/Controllers/OAuthController.php +++ b/src/Controllers/OAuthController.php @@ -175,10 +175,6 @@ class OAuthController extends BaseController $config = $this->config->get('oauth')[$providerName]; $userdata = new Collection($resourceOwner->toArray()); if (!$oauth) { - if (!$this->config->get('registration_enabled')) { - throw new HttpNotFound('oauth.not-found'); - } - return $this->redirectRegister( $providerName, $resourceOwner->getId(), @@ -349,9 +345,21 @@ class OAuthController extends BaseController Collection $userdata ): Response { $config = array_merge( - ['username' => null, 'email' => null, 'first_name' => null, 'last_name' => null, 'groups' => null], + [ + 'username' => null, + 'email' => null, + 'first_name' => null, + 'last_name' => null, + 'allow_registration' => null, + 'groups' => null, + ], $config ); + + if (!$this->config->get('registration_enabled') && !$config['allow_registration']) { + throw new HttpNotFound('oauth.not-found'); + } + $this->session->set( 'form_data', [ @@ -370,6 +378,7 @@ class OAuthController extends BaseController $this->session->set('oauth2_access_token', $accessToken->getToken()); $this->session->set('oauth2_refresh_token', $accessToken->getRefreshToken()); $this->session->set('oauth2_expires_at', $expirationTime); + $this->session->set('oauth2_allow_registration', $config['allow_registration']); return $this->redirector->to('/register'); } diff --git a/tests/Unit/Controllers/OAuthControllerTest.php b/tests/Unit/Controllers/OAuthControllerTest.php index 2d2caaaf..2395a28b 100644 --- a/tests/Unit/Controllers/OAuthControllerTest.php +++ b/tests/Unit/Controllers/OAuthControllerTest.php @@ -428,6 +428,7 @@ class OAuthControllerTest extends TestCase $this->assertEquals('test-token', $this->session->get('oauth2_access_token')); $this->assertEquals('test-refresh-token', $this->session->get('oauth2_refresh_token')); $this->assertEquals(4242424242, $this->session->get('oauth2_expires_at')->unix()); + $this->assertEquals(null, $this->session->get('oauth2_allow_registration')); $this->assertEquals( [ 'name' => 'username',