Add more checks for EnableOpenIDSignIn

strk · strk · commit 47221ad7f0d2 · 2017-08-19T12:27:59.000+02:00
diff --git a/routers/user/auth_openid.go b/routers/user/auth_openid.go
@@ -250,6 +250,10 @@ func signInOpenIDVerify(ctx *context.Context) {
 
 // ConnectOpenID shows a form to connect an OpenID URI to an existing account
 func ConnectOpenID(ctx *context.Context) {
+	if !setting.Service.EnableOpenIDSignIn {
+		ctx.Error(403)
+		return
+	}
 	oid, _ := ctx.Session.Get("openid_verified_uri").(string)
 	if oid == "" {
 		ctx.Redirect(setting.AppSubURL + "/user/login/openid")
diff --git a/routers/user/setting_openid.go b/routers/user/setting_openid.go
@@ -20,6 +20,12 @@ const (
 
 // SettingsOpenID renders change user's openid page
 func SettingsOpenID(ctx *context.Context) {
+
+	if !setting.Service.EnableOpenIDSignIn {
+		ctx.Error(403)
+		return
+	}
+
 	ctx.Data["Title"] = ctx.Tr("settings")
 	ctx.Data["PageIsSettingsOpenID"] = true
 
@@ -41,7 +47,7 @@ func SettingsOpenID(ctx *context.Context) {
 // SettingsOpenIDPost response for change user's openid
 func SettingsOpenIDPost(ctx *context.Context, form auth.AddOpenIDForm) {
 
-	if !setting.Service.EnableOpenIDSignUp {
+	if !setting.Service.EnableOpenIDSignIn {
 		ctx.Error(403)
 		return
 	}
@@ -138,7 +144,7 @@ func settingsOpenIDVerify(ctx *context.Context) {
 
 // DeleteOpenID response for delete user's openid
 func DeleteOpenID(ctx *context.Context) {
-	if !setting.Service.EnableOpenIDSignUp {
+	if !setting.Service.EnableOpenIDSignIn {
 		ctx.Error(403)
 		return
 	}
@@ -156,7 +162,7 @@ func DeleteOpenID(ctx *context.Context) {
 
 // ToggleOpenIDVisibility response for toggle visibility of user's openid
 func ToggleOpenIDVisibility(ctx *context.Context) {
-	if !setting.Service.EnableOpenIDSignUp {
+	if !setting.Service.EnableOpenIDSignIn {
 		ctx.Error(403)
 		return
 	}
