@@ -249,7 +249,7 @@ func signInOpenIDVerify(ctx *context.Context) {
249249 log .Error ("signInOpenIDVerify: Unable to save changes to the session: %v" , err )
250250 }
251251
252- if u != nil || ! setting .Service .EnableOpenIDSignUp {
252+ if u != nil || ! setting .Service .EnableOpenIDSignUp || setting . Service . AllowOnlyInternalRegistration {
253253 ctx .Redirect (setting .AppSubURL + "/user/openid/connect" )
254254 } else {
255255 ctx .Redirect (setting .AppSubURL + "/user/openid/register" )
@@ -267,6 +267,7 @@ func ConnectOpenID(ctx *context.Context) {
267267 ctx .Data ["PageIsSignIn" ] = true
268268 ctx .Data ["PageIsOpenIDConnect" ] = true
269269 ctx .Data ["EnableOpenIDSignUp" ] = setting .Service .EnableOpenIDSignUp
270+ ctx .Data ["AllowOnlyInternalRegistration" ] = setting .Service .AllowOnlyInternalRegistration
270271 ctx .Data ["OpenID" ] = oid
271272 userName , _ := ctx .Session .Get ("openid_determined_username" ).(string )
272273 if userName != "" {
@@ -328,6 +329,7 @@ func RegisterOpenID(ctx *context.Context) {
328329 ctx .Data ["PageIsSignIn" ] = true
329330 ctx .Data ["PageIsOpenIDRegister" ] = true
330331 ctx .Data ["EnableOpenIDSignUp" ] = setting .Service .EnableOpenIDSignUp
332+ ctx .Data ["AllowOnlyInternalRegistration" ] = setting .Service .AllowOnlyInternalRegistration
331333 ctx .Data ["EnableCaptcha" ] = setting .Service .EnableCaptcha
332334 ctx .Data ["Captcha" ] = context .GetImageCaptcha ()
333335 ctx .Data ["CaptchaType" ] = setting .Service .CaptchaType
@@ -367,6 +369,11 @@ func RegisterOpenIDPost(ctx *context.Context) {
367369 ctx .Data ["HcaptchaSitekey" ] = setting .Service .HcaptchaSitekey
368370 ctx .Data ["OpenID" ] = oid
369371
372+ if setting .Service .AllowOnlyInternalRegistration {
373+ ctx .Error (http .StatusForbidden )
374+ return
375+ }
376+
370377 if setting .Service .EnableCaptcha {
371378 var valid bool
372379 var err error
0 commit comments