Prevent registration via OpenID if self registration is off. #699

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2448 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-02-11 19:07:41 +00:00 · 2009-02-11 19:07:41 +00:00 · 85ad791d81
parent 720f928cd2
commit 85ad791d81
2 changed files with 12 additions and 1 deletions
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@ -183,6 +183,9 @@ private
      if result.successful?
        user = User.find_or_initialize_by_identity_url(identity_url)
        if user.new_record?
+          # Self-registration off
+          redirect_to(home_url) && return unless Setting.self_registration?
+
          # Create on the fly
          user.login = registration['nickname'] unless registration['nickname'].nil?
          user.mail = registration['email'] unless registration['email'].nil?
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@ -86,7 +86,15 @@ class AccountControllerTest < Test::Unit::TestCase
    assert_equal 'Cool', user.firstname
    assert_equal 'User', user.lastname
  end
-  
+
+  def test_login_with_openid_with_new_user_and_self_registration_off
+    Setting.self_registration = '0'
+    post :login, :openid_url => 'http://openid.example.com/good_user'
+    assert_redirected_to home_url
+    user = User.find_by_login('cool_user')
+    assert ! user
+  end
+
  def test_login_with_openid_with_new_user_created_with_email_activation_should_have_a_token
    Setting.self_registration = '1'
    post :login, :openid_url => 'http://openid.example.com/good_user'