Custom OAuth (Keycloak) registers new accounts regardless of the "Registration with Authentication Services" setting.
Steps to reproduce:
1. Set up Custom OAuth for Keycloak.
2. Turn off the "Registration with Authentication Services" setting in /admin/Accounts.
3. Log in using OAuth with an account that does not exist in Rocket.Chat but is accepted by Keycloak.
Expected behavior:
Login denied.
Actual behavior:
A new account is created in Rocket.Chat with the user role "User".
Server Setup Information:
- Version of Rocket.Chat Server: 3.9.7
- Operating System: Ubuntu 18
- Deployment Method: SNAP
Additional context:
We map AD groups to RC roles like guest/user/admin. RC imports only members of the specified groups.
Any other account registration in RC is closed.
Keycloak (with Kerberos) OAuth is set to use the same AD to ease login.
But RC allows unauthorized access by registering new accounts for AD users that are not members of the groups mentioned above.
The "Registration with Authentication Services" setting in /admin/Accounts is not respected.
The "Default Roles for Authentication Services" setting can still be used as a workaround.
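The decision the report is about, written out as an added example (this is not Rocket.Chat code, and the settings object, the `services`/`roles`/`createdAt` record shape and the sample users are assumptions constructed for the example): `resolveOAuthLogin` shows the expected behaviour, where an OAuth identity that maps to no existing account is only provisioned when registration via authentication services is enabled and then receives the configured default roles; `resolveOAuthLoginAsReported` shows the reported behaviour, where the setting is never consulted and the unknown identity is always created with the "user" role; `auditUnexpectedOAuthAccounts` is a defender-side check that lists accounts tied to the custom OAuth service which were created after the setting was switched off.

```javascript
// Added example, not Rocket.Chat's own code. Settings are named after the
// admin-panel labels in the report; the record shape is an assumption.
const settings = {
  registrationWithAuthServices: false,     // "Registration with Authentication Services"
  defaultRolesForAuthServices: ['guest'],  // "Default Roles for Authentication Services"
};

// Expected behaviour: link to an existing account, otherwise only provision a
// new account when registration through authentication services is enabled.
function resolveOAuthLogin(cfg, existingUser, profile) {
  if (existingUser) {
    return { action: 'login', userId: existingUser._id, roles: existingUser.roles };
  }
  if (!cfg.registrationWithAuthServices) {
    return { action: 'deny', reason: 'registration-disabled' };
  }
  return {
    action: 'create',
    username: profile.username,
    roles: [...cfg.defaultRolesForAuthServices],
  };
}

// Behaviour as reported: the setting is ignored, so any identity Keycloak
// accepts becomes a new account with the "user" role.
function resolveOAuthLoginAsReported(cfg, existingUser, profile) {
  if (existingUser) {
    return { action: 'login', userId: existingUser._id, roles: existingUser.roles };
  }
  return { action: 'create', username: profile.username, roles: ['user'] };
}

// Audit: accounts that carry the custom OAuth service and were created after
// registration was switched off. Such accounts should not exist if the
// setting had been honoured, so they are candidates for review.
function auditUnexpectedOAuthAccounts(users, serviceName, registrationDisabledAt) {
  return users
    .filter((u) => u.services && u.services[serviceName])
    .filter((u) => new Date(u.createdAt) > registrationDisabledAt)
    .map((u) => ({ username: u.username, roles: u.roles, createdAt: u.createdAt }));
}

// Constructed sample data (not real records).
const registrationDisabledAt = new Date('2021-01-15T00:00:00Z');
const sampleUsers = [
  { _id: 'u1', username: 'alice', roles: ['admin'],
    services: { keycloak: { id: 'k-alice' } }, createdAt: '2020-12-01T10:00:00Z' },
  { _id: 'u2', username: 'bob', roles: ['user'],
    services: { keycloak: { id: 'k-bob' } }, createdAt: '2021-02-03T09:30:00Z' },
  { _id: 'u3', username: 'carol', roles: ['user'],
    services: { password: { bcrypt: '<hash>' } }, createdAt: '2021-03-01T08:00:00Z' },
];

function demo() {
  const unknown = resolveOAuthLogin(settings, null, { username: 'mallory' });
  const known = resolveOAuthLogin(settings, sampleUsers[0], { username: 'alice' });
  const reported = resolveOAuthLoginAsReported(settings, null, { username: 'mallory' });
  const flagged = auditUnexpectedOAuthAccounts(sampleUsers, 'keycloak', registrationDisabledAt);
  return { unknown, known, reported, flagged };
}

console.log(JSON.stringify(demo(), null, 2));
```

Running the audit against the constructed data flags only `bob`: `alice` predates the cutoff and `carol` has no OAuth service record. The "Default Roles" workaround from the report corresponds to `defaultRolesForAuthServices`, which only limits what a provisioned account can do; it does not stop the account from being created.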
Can anyone confirm whether this issue still exists in 4.3.1?
I haven't set up dev environment for months and hopefully someone could give it a try; otherwise, I'll do it when available
The patch in #22564 became conflicted after some version bump :(