Allow ENABLE_OPENID_SIGNUP to depend on DISABLE_REGISTRATION (#1369)

* Allow ENABLE_OPENID_SIGNUP to depend on DISABLE_REGISTRATION

Omit the configuration variable (the default) to be dependent.
Fixes #1363

* Move OpenID settings under Service object

* Show OpenID SignUp and SignIn status in admin panel / configuration

7 files changed, 47 insertions, 38 deletions

diff --git a/cmd/web.go b/cmd/web.go
index 3a20191bc5..1f2561ca68 100644
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -200,7 +200,7 @@ func runWeb(ctx *cli.Context) error {
 	m.Group("/user", func() {
 		m.Get("/login", user.SignIn)
 		m.Post("/login", bindIgnErr(auth.SignInForm{}), user.SignInPost)
-		if setting.EnableOpenIDSignIn {
+		if setting.Service.EnableOpenIDSignIn {
 			m.Combo("/login/openid").
 				Get(user.SignInOpenID).
 				Post(bindIgnErr(auth.SignInOpenIDForm{}), user.SignInOpenIDPost)
@@ -243,7 +243,7 @@ func runWeb(ctx *cli.Context) error {
 		m.Post("/email/delete", user.DeleteEmail)
 		m.Get("/password", user.SettingsPassword)
 		m.Post("/password", bindIgnErr(auth.ChangePasswordForm{}), user.SettingsPasswordPost)
-		if setting.EnableOpenIDSignIn {
+		if setting.Service.EnableOpenIDSignIn {
 			m.Group("/openid", func() {
 				m.Combo("").Get(user.SettingsOpenID).
 					Post(bindIgnErr(auth.AddOpenIDForm{}), user.SettingsOpenIDPost)
diff --git a/conf/app.ini b/conf/app.ini
index 32791ed162..07c3a1d21c 100644
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -203,7 +203,8 @@ IMPORT_LOCAL_PATHS = false
 ; Whether to allow signin in via OpenID
 ENABLE_OPENID_SIGNIN = true
 ; Whether to allow registering via OpenID
-ENABLE_OPENID_SIGNUP = true
+; Do not include to rely on DISABLE_REGISTRATION setting
+;ENABLE_OPENID_SIGNUP = true
 ; Allowed URI patterns (POSIX regexp).
 ; Space separated.
 ; Only these would be allowed if non-blank.
diff --git a/modules/context/context.go b/modules/context/context.go
index 52e50af6a1..e96bf5bd3f 100644
--- a/modules/context/context.go
+++ b/modules/context/context.go
@@ -197,7 +197,7 @@ func Contexter() macaron.Handler {
 		ctx.Data["ShowRegistrationButton"] = setting.Service.ShowRegistrationButton
 		ctx.Data["ShowFooterBranding"] = setting.ShowFooterBranding
 		ctx.Data["ShowFooterVersion"] = setting.ShowFooterVersion
-		ctx.Data["EnableOpenIDSignIn"] = setting.EnableOpenIDSignIn
+		ctx.Data["EnableOpenIDSignIn"] = setting.Service.EnableOpenIDSignIn
 
 		c.Map(ctx)
 	}
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index 8c45e61e81..59cc755d03 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -121,12 +121,6 @@ var (
 	MinPasswordLength    int
 	ImportLocalPaths     bool
 
-	// OpenID settings
-	EnableOpenIDSignIn bool
-	EnableOpenIDSignUp bool
-	OpenIDWhitelist    []*regexp.Regexp
-	OpenIDBlacklist    []*regexp.Regexp
-
 	// Database settings
 	UseSQLite3    bool
 	UseMySQL      bool
@@ -758,24 +752,6 @@ please consider changing to GITEA_CUSTOM`)
 	MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(6)
 	ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false)
 
-	sec = Cfg.Section("openid")
-	EnableOpenIDSignIn = sec.Key("ENABLE_OPENID_SIGNIN").MustBool(true)
-	EnableOpenIDSignUp = sec.Key("ENABLE_OPENID_SIGNUP").MustBool(true)
-	pats := sec.Key("WHITELISTED_URIS").Strings(" ")
-	if len(pats) != 0 {
-		OpenIDWhitelist = make([]*regexp.Regexp, len(pats))
-		for i, p := range pats {
-			OpenIDWhitelist[i] = regexp.MustCompilePOSIX(p)
-		}
-	}
-	pats = sec.Key("BLACKLISTED_URIS").Strings(" ")
-	if len(pats) != 0 {
-		OpenIDBlacklist = make([]*regexp.Regexp, len(pats))
-		for i, p := range pats {
-			OpenIDBlacklist[i] = regexp.MustCompilePOSIX(p)
-		}
-	}
-
 	sec = Cfg.Section("attachment")
 	AttachmentPath = sec.Key("PATH").MustString(path.Join(AppDataPath, "attachments"))
 	if !filepath.IsAbs(AttachmentPath) {
@@ -939,6 +915,13 @@ var Service struct {
 	EnableCaptcha                  bool
 	DefaultKeepEmailPrivate        bool
 	NoReplyAddress                 string
+
+	// OpenID settings
+	EnableOpenIDSignIn bool
+	EnableOpenIDSignUp bool
+	OpenIDWhitelist    []*regexp.Regexp
+	OpenIDBlacklist    []*regexp.Regexp
+
 }
 
 func newService() {
@@ -953,6 +936,25 @@ func newService() {
 	Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool()
 	Service.DefaultKeepEmailPrivate = sec.Key("DEFAULT_KEEP_EMAIL_PRIVATE").MustBool()
 	Service.NoReplyAddress = sec.Key("NO_REPLY_ADDRESS").MustString("noreply.example.org")
+
+	sec = Cfg.Section("openid")
+	Service.EnableOpenIDSignIn = sec.Key("ENABLE_OPENID_SIGNIN").MustBool(true)
+	Service.EnableOpenIDSignUp = sec.Key("ENABLE_OPENID_SIGNUP").MustBool(!Service.DisableRegistration)
+	pats := sec.Key("WHITELISTED_URIS").Strings(" ")
+	if len(pats) != 0 {
+		Service.OpenIDWhitelist = make([]*regexp.Regexp, len(pats))
+		for i, p := range pats {
+			Service.OpenIDWhitelist[i] = regexp.MustCompilePOSIX(p)
+		}
+	}
+	pats = sec.Key("BLACKLISTED_URIS").Strings(" ")
+	if len(pats) != 0 {
+		Service.OpenIDBlacklist = make([]*regexp.Regexp, len(pats))
+		for i, p := range pats {
+			Service.OpenIDBlacklist[i] = regexp.MustCompilePOSIX(p)
+		}
+	}
+
 }
 
 var logLevels = map[string]string{
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 2251075963..80260d4b7d 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -1211,6 +1211,8 @@ config.db_path_helper = (for "sqlite3" and "tidb")
 config.service_config = Service Configuration
 config.register_email_confirm = Require Email Confirmation
 config.disable_register = Disable Registration
+config.enable_openid_signup = Enable Registration via OpenID
+config.enable_openid_signin = Enable OpenID Sign In
 config.show_registration_button = Show Register Button
 config.require_sign_in_view = Require Sign In View
 config.mail_notify = Mail Notification
diff --git a/routers/user/auth_openid.go b/routers/user/auth_openid.go
index c5575814f1..7d4df342e9 100644
--- a/routers/user/auth_openid.go
+++ b/routers/user/auth_openid.go
@@ -68,8 +68,8 @@ func allowedOpenIDURI(uri string) (err error) {
 
 	// In case a Whitelist is present, URI must be in it
 	// in order to be accepted
-	if len(setting.OpenIDWhitelist) != 0 {
-		for _, pat := range setting.OpenIDWhitelist {
+	if len(setting.Service.OpenIDWhitelist) != 0 {
+		for _, pat := range setting.Service.OpenIDWhitelist {
 			if pat.MatchString(uri) {
 				return nil // pass
 			}
@@ -79,7 +79,7 @@ func allowedOpenIDURI(uri string) (err error) {
 	}
 
 	// A blacklist match expliclty forbids
-	for _, pat := range setting.OpenIDBlacklist {
+	for _, pat := range setting.Service.OpenIDBlacklist {
 		if pat.MatchString(uri) {
 			return fmt.Errorf("URI forbidden by blacklist")
 		}
@@ -231,7 +231,7 @@ func signInOpenIDVerify(ctx *context.Context) {
 
 	ctx.Session.Set("openid_determined_username", nickname)
 
-	if u != nil || !setting.EnableOpenIDSignUp {
+	if u != nil || !setting.Service.EnableOpenIDSignUp {
 		ctx.Redirect(setting.AppSubURL + "/user/openid/connect")
 	} else {
 		ctx.Redirect(setting.AppSubURL + "/user/openid/register")
@@ -248,7 +248,7 @@ func ConnectOpenID(ctx *context.Context) {
 	ctx.Data["Title"] = "OpenID connect"
 	ctx.Data["PageIsSignIn"] = true
 	ctx.Data["PageIsOpenIDConnect"] = true
-	ctx.Data["EnableOpenIDSignUp"] = setting.EnableOpenIDSignUp
+	ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
 	ctx.Data["OpenID"] = oid
 	userName, _ := ctx.Session.Get("openid_determined_username").(string)
 	if userName != "" {
@@ -267,7 +267,7 @@ func ConnectOpenIDPost(ctx *context.Context, form auth.ConnectOpenIDForm) {
 	ctx.Data["Title"] = "OpenID connect"
 	ctx.Data["PageIsSignIn"] = true
 	ctx.Data["PageIsOpenIDConnect"] = true
-	ctx.Data["EnableOpenIDSignUp"] = setting.EnableOpenIDSignUp
+	ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
 	ctx.Data["OpenID"] = oid
 
 	u, err := models.UserSignIn(form.UserName, form.Password)
@@ -300,7 +300,7 @@ func ConnectOpenIDPost(ctx *context.Context, form auth.ConnectOpenIDForm) {
 
 // RegisterOpenID shows a form to create a new user authenticated via an OpenID URI
 func RegisterOpenID(ctx *context.Context) {
-	if !setting.EnableOpenIDSignUp {
+	if !setting.Service.EnableOpenIDSignUp {
 		ctx.Error(403)
 		return
 	}
@@ -312,7 +312,7 @@ func RegisterOpenID(ctx *context.Context) {
 	ctx.Data["Title"] = "OpenID signup"
 	ctx.Data["PageIsSignIn"] = true
 	ctx.Data["PageIsOpenIDRegister"] = true
-	ctx.Data["EnableOpenIDSignUp"] = setting.EnableOpenIDSignUp
+	ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
 	ctx.Data["OpenID"] = oid
 	userName, _ := ctx.Session.Get("openid_determined_username").(string)
@@ -328,7 +328,7 @@ func RegisterOpenID(ctx *context.Context) {
 
 // RegisterOpenIDPost handles submission of a form to create a new user authenticated via an OpenID URI
 func RegisterOpenIDPost(ctx *context.Context, cpt *captcha.Captcha, form auth.SignUpOpenIDForm) {
-	if !setting.EnableOpenIDSignUp {
+	if !setting.Service.EnableOpenIDSignUp {
 		ctx.Error(403)
 		return
 	}
@@ -341,7 +341,7 @@ func RegisterOpenIDPost(ctx *context.Context, cpt *captcha.Captcha, form auth.Si
 	ctx.Data["Title"] = "OpenID signup"
 	ctx.Data["PageIsSignIn"] = true
 	ctx.Data["PageIsOpenIDRegister"] = true
-	ctx.Data["EnableOpenIDSignUp"] = setting.EnableOpenIDSignUp
+	ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
 	ctx.Data["OpenID"] = oid
 
diff --git a/templates/admin/config.tmpl b/templates/admin/config.tmpl
index 225c23b97b..7348ab7b9e 100644
--- a/templates/admin/config.tmpl
+++ b/templates/admin/config.tmpl
@@ -114,6 +114,10 @@
 				<dd><i class="fa fa{{if .Service.DisableRegistration}}-check{{end}}-square-o"></i></dd>
 				<dt>{{.i18n.Tr "admin.config.show_registration_button"}}</dt>
 				<dd><i class="fa fa{{if .Service.ShowRegistrationButton}}-check{{end}}-square-o"></i></dd>
+				<dt>{{.i18n.Tr "admin.config.enable_openid_signup"}}</dt>
+				<dd><i class="fa fa{{if .Service.EnableOpenIDSignUp}}-check{{end}}-square-o"></i></dd>
+				<dt>{{.i18n.Tr "admin.config.enable_openid_signin"}}</dt>
+				<dd><i class="fa fa{{if .Service.EnableOpenIDSignIn}}-check{{end}}-square-o"></i></dd>
 				<dt>{{.i18n.Tr "admin.config.require_sign_in_view"}}</dt>
 				<dd><i class="fa fa{{if .Service.RequireSignInView}}-check{{end}}-square-o"></i></dd>
 				<dt>{{.i18n.Tr "admin.config.mail_notify"}}</dt>