diff --git a/README.rdoc b/README.rdoc
index 9c1f3e6..64ebd89 100644
--- a/README.rdoc
+++ b/README.rdoc
@@ -87,6 +87,8 @@ admin_role:: +realm_access.roles+. Example: ROLES/REDMINE/ADMIN
+create_user_if_not_exists::
+ Whether to create a user account for an authenticated user who does not already have one.
 == Mapping users
diff --git a/app/controllers/oidc_controller.rb b/app/controllers/oidc_controller.rb
index ee6b586..647498e 100644
--- a/app/controllers/oidc_controller.rb
+++ b/app/controllers/oidc_controller.rb
@@ -82,11 +82,17 @@ def login_user
 end
 def create_user
- user = User.create(@oidc_session.user_attributes)
- user.activate
- user.random_password
- user.last_login_on = Time.now
- user.save ? successful_login(user) : unsuccessful_login(user)
+ if settings.create_user_if_not_exists
+ user = User.create(@oidc_session.user_attributes)
+ user.activate
+ user.random_password
+ user.last_login_on = Time.now
+ user.save ? successful_login(user) : unsuccessful_login(user)
+ else
+ user_id = @oidc_session.user_attributes[:login] || @oidc_session.user_attributes[:oidc_identifier]
+ logger.info "User #{user_id} does not exist and creating new users by OIDC is disabled"
+ render 'lock_user', :status => :unauthorized
+ end
 end
 def update_user(user)
@@ -110,4 +116,7 @@ def unsuccessful_login(user)
 end
 end
+ def settings
+ @settings ||= RedmineOidc.settings
+ end
 end
diff --git a/app/views/settings/_redmine_oidc.html.erb b/app/views/settings/_redmine_oidc.html.erb
index c77d19f..d0688a5 100644
--- a/app/views/settings/_redmine_oidc.html.erb
+++ b/app/views/settings/_redmine_oidc.html.erb
@@ -38,6 +38,10 @@
 <%= label_tag 'settings[admin_role]', l('oidc.settings.admin_role') %>
 <%= text_field_tag 'settings[admin_role]', oidc_settings.admin_role, size: 60 %>
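Review bot: In the new `else` branch of `create_user`, `user_id` comes from the identity provider's claims (`:login` or `:oidc_identifier`) and is interpolated unescaped into the `logger.info` message, so a value containing line breaks or control characters could split or forge log entries. Log it escaped, e.g. `logger.info "User #{user_id.inspect} does not exist and creating new users by OIDC is disabled"`. The branch also answers a user who has authenticated at the provider but has no local account with `:unauthorized` and the `lock_user` template; `:forbidden` describes that case more accurately, and whether the `lock_user` wording fits a missing account cannot be seen from this hunk. The surrounding controller class starts and ends outside the hunk.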
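Review bot: The new `settings` helper is appended at the end of the controller, and the hunk does not show whether a `private` marker precedes it; if none does, Rails counts it among the controller's public action methods and it becomes callable wherever a route maps to it. Confirm it sits below `private`, or add `private :settings` after the definition. A one-line comment such as `# Memoized plugin settings for the current request.` would also document why the value is cached in `@settings`. The class body starts outside the hunk.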
+
+ <%= label_tag 'settings[create_user_if_not_exists]', l('oidc.settings.create_user_if_not_exists') %>
+ <%= check_box_tag 'settings[create_user_if_not_exists]', 1, oidc_settings.create_user_if_not_exists %>
+
<%= label_tag 'settings[session_check_enabled]', l('oidc.settings.session_check_enabled') %>
 <%= check_box_tag 'settings[session_check_enabled]', 1, oidc_settings.session_check_enabled %>
diff --git a/config/locales/de.yml b/config/locales/de.yml
index 66adf98..4ad0cc6 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -34,6 +34,7 @@ de:
 roles_claim_placeholder: roles
 access_roles: Leerzeichen-separierte Liste der autorisierten Rollen
 admin_role: Administrationsrolle
+ create_user_if_not_exists: Benutzer erstellen, falls nicht vorhanden
 session_check_enabled: Session Check aktivieren
 session_check_users_csv: Komma-separierte Liste der Logins mit Session Check (* = alle)
 error:
diff --git a/config/locales/en.yml b/config/locales/en.yml
index cedad2a..e89b68a 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -34,6 +34,7 @@ en:
 roles_claim_placeholder: roles
 access_roles: Space-separated list of authorized roles
 admin_role: Administration role
+ create_user_if_not_exists: Create user if not exists
 session_check_enabled: Enable session check
 session_check_users_csv: Comma-separated list of logins with session check (* = all)
 error:
diff --git a/lib/redmine_oidc/settings.rb b/lib/redmine_oidc/settings.rb
index 39f7444..d227f50 100644
--- a/lib/redmine_oidc/settings.rb
+++ b/lib/redmine_oidc/settings.rb
@@ -31,6 +31,7 @@ class Settings
 roles_claim
 access_roles
 admin_role
+ create_user_if_not_exists
 session_check_enabled
 session_check_users_csv
 )
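Review bot: `create_user_if_not_exists` joins the attribute list with no default visible here, while `create_user` previously provisioned accounts unconditionally. If an unsaved setting reads as nil, upgraded installations will stop creating accounts until an administrator ticks the box; that is the safer default, but it is a behaviour change the README entry should state, for example `Default: off.`. Also confirm that the accessor coerces the stored checkbox value to a boolean: the controller only tests truthiness, and in Ruby a stored `"0"` or `0` is truthy and would leave provisioning enabled. The attribute list and the `Settings` class continue outside the hunk.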