From c4e2434a537df59d6179f251bf9588a73b76ea01 Mon Sep 17 00:00:00 2001 From: LouisSung <37973545+LouisSung@users.noreply.github.com> Date: Mon, 5 Jul 2021 01:35:44 +0800 Subject: [PATCH] Fix user creation for custom OAuth when registration disabled When the `Accounts_Registration_AuthenticationServices_Enabled` is set as false, the user should not be created via custom OAuth service. Resolves: #15787, #20671 --- app/authentication/server/startup/index.js | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/app/authentication/server/startup/index.js b/app/authentication/server/startup/index.js index 680041fd2d53..f72e98cec5e4 100644 --- a/app/authentication/server/startup/index.js +++ b/app/authentication/server/startup/index.js @@ -363,8 +363,17 @@ Accounts.validateNewUser(function(user) { return true; } - if (settings.get('Accounts_Registration_AuthenticationServices_Enabled') === false && settings.get('LDAP_Enable') === false && !(user.services && user.services.password)) { - throw new Meteor.Error('registration-disabled-authentication-services', 'User registration is disabled for authentication services'); + if (settings.get('Accounts_Registration_AuthenticationServices_Enabled') === false) { + if (settings.get('LDAP_Enable') === false && !(user.services && user.services.password)) { + throw new Meteor.Error('registration-disabled-authentication-services', 'User registration is disabled for authentication services'); + } else if (settings.get(/^Accounts_OAuth_Custom-[a-z0-9_]+$/i).length > 0) { + const customOAuthServicesInUse = settings.get(/^Accounts_OAuth_Custom-[a-z0-9_]+$/i) + .map(({ key: serviceName }) => serviceName.replace(/^Accounts_OAuth_Custom-/, '').toLowerCase()) + .filter((serviceName) => user.services && user.services[serviceName]); + if (customOAuthServicesInUse.length > 0) { + throw new Meteor.Error('registration-disabled-authentication-services', `User registration is disabled for custom OAuth services '${ customOAuthServicesInUse }'`); + } + } } return true;