From 34700a4c521884b9e46d91c6c0e9457f2a2fa5e3 Mon Sep 17 00:00:00 2001
From: boojack
Date: Tue, 2 May 2023 08:45:03 +0800
Subject: [PATCH] chore: check allow sign up setting in sso (#1620)
---
 server/auth.go | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/server/auth.go b/server/auth.go
index f874b7e9..51dab321 100644
--- a/server/auth.go
+++ b/server/auth.go
@@ -101,6 +101,24 @@ func (s *Server) registerAuthRoutes(g *echo.Group, secret string) {
 return echo.NewHTTPError(http.StatusInternalServerError, "Incorrect login credentials, please try again")
 }
 if user == nil {
+ allowSignUpSetting, err := s.Store.FindSystemSetting(ctx, &api.SystemSettingFind{
+ Name: api.SystemSettingAllowSignUpName,
+ })
+ if err != nil && common.ErrorCode(err) != common.NotFound {
+ return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find system setting").SetInternal(err)
+ }
+
+ allowSignUpSettingValue := false
+ if allowSignUpSetting != nil {
+ err = json.Unmarshal([]byte(allowSignUpSetting.Value), &allowSignUpSettingValue)
+ if err != nil {
+ return echo.NewHTTPError(http.StatusInternalServerError, "Failed to unmarshal system setting allow signup").SetInternal(err)
+ }
+ }
+ if !allowSignUpSettingValue {
+ return echo.NewHTTPError(http.StatusUnauthorized, "signup is disabled").SetInternal(err)
+ }
+
 userCreate := &api.UserCreate{
 Username: userInfo.Identifier,
 // The new signup user should be normal user by default.
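Review bot: The last added return attaches an `err` that is not the cause of the rejection. By that line `err` is either nil or the NotFound error that the first check deliberately let through, so server logs for a policy denial would show nothing or a misleading "not found" cause. I would drop the call and write `return echo.NewHTTPError(http.StatusUnauthorized, "signup is disabled")`. The default of `false` when the setting row is missing fails closed, which is the right choice for an SSO auto-provisioning gate. It deserves a comment above `allowSignUpSettingValue := false`, such as `// A missing setting means sign-up is disabled (fail closed).`, so that a later refactor does not flip it. The enclosing handler in registerAuthRoutes starts and ends outside this hunk, so whether the non-SSO sign-up route applies the same check could not be verified from here.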