keycloak-memoizeit

If registration is not allowed for a realm it should not be possible …

8/15/2013 12:34:44 PM

to login with social login unless the user already exists

Stian Thorgersen

Commit: a65c869

Tree: 0f9822c

Parents: 0301094

Changes

services/src/main/java/org/keycloak/services/resources/SocialResource.java 4(+4 -0)

Details

services/src/main/java/org/keycloak/services/resources/SocialResource.java 4(+4 -0)

diff --git a/services/src/main/java/org/keycloak/services/resources/SocialResource.java b/services/src/main/java/org/keycloak/services/resources/SocialResource.java
index 4e7f812..73e139c 100644
--- a/services/src/main/java/org/keycloak/services/resources/SocialResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/SocialResource.java
@@ -144,6 +144,10 @@ public class SocialResource {
                 UserModel user = realm.getUser(provider.getId() + "." + socialUser.getId());
 
                 if (user == null) {
+                    if (!realm.isRegistrationAllowed()) {
+                        return oauth.forwardToSecurityFailure("Registration not allowed");
+                    }
+
                     user = realm.addUser(provider.getId() + "." + socialUser.getId());
                     user.setAttribute(provider.getId() + ".id", socialUser.getId());