From 85ad791d815ce197b381b42fcd1503ecef0d34f5 Mon Sep 17 00:00:00 2001 From: Eric Davis Date: Wed, 11 Feb 2009 19:07:41 +0000 Subject: Prevent registration via OpenID if self registration is off. #699 git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2448 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/controllers/account_controller.rb | 3 +++ test/functional/account_controller_test.rb | 10 +++++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb index 4bfe562c6..9f5200ee3 100644 --- a/app/controllers/account_controller.rb +++ b/app/controllers/account_controller.rb @@ -183,6 +183,9 @@ private if result.successful? user = User.find_or_initialize_by_identity_url(identity_url) if user.new_record? + # Self-registration off + redirect_to(home_url) && return unless Setting.self_registration? + # Create on the fly user.login = registration['nickname'] unless registration['nickname'].nil? user.mail = registration['email'] unless registration['email'].nil? diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb index edca1d2f1..aec626a2f 100644 --- a/test/functional/account_controller_test.rb +++ b/test/functional/account_controller_test.rb @@ -86,7 +86,15 @@ class AccountControllerTest < Test::Unit::TestCase assert_equal 'Cool', user.firstname assert_equal 'User', user.lastname end - + + def test_login_with_openid_with_new_user_and_self_registration_off + Setting.self_registration = '0' + post :login, :openid_url => 'http://openid.example.com/good_user' + assert_redirected_to home_url + user = User.find_by_login('cool_user') + assert ! user + end + def test_login_with_openid_with_new_user_created_with_email_activation_should_have_a_token Setting.self_registration = '1' post :login, :openid_url => 'http://openid.example.com/good_user' -- cgit v1.2.3