Prevent registration via OpenID if self registration is off. #699

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2448 e93f8b46-1217-0410-a6f0-8f06a7374b81

2 files changed, 12 insertions, 1 deletions

diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 4bfe562c6..9f5200ee3 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -183,6 +183,9 @@ private
       if result.successful?
         user = User.find_or_initialize_by_identity_url(identity_url)
         if user.new_record?
+          # Self-registration off
+          redirect_to(home_url) && return unless Setting.self_registration?
+
           # Create on the fly
           user.login = registration['nickname'] unless registration['nickname'].nil?
           user.mail = registration['email'] unless registration['email'].nil?
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index edca1d2f1..aec626a2f 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -86,7 +86,15 @@ class AccountControllerTest < Test::Unit::TestCase
     assert_equal 'Cool', user.firstname
     assert_equal 'User', user.lastname
   end
-  
+
+  def test_login_with_openid_with_new_user_and_self_registration_off
+    Setting.self_registration = '0'
+    post :login, :openid_url => 'http://openid.example.com/good_user'
+    assert_redirected_to home_url
+    user = User.find_by_login('cool_user')
+    assert ! user
+  end
+
   def test_login_with_openid_with_new_user_created_with_email_activation_should_have_a_token
     Setting.self_registration = '1'
     post :login, :openid_url => 'http://openid.example.com/good_user'