From a65c8695d78a2d99fdc1ccd5affcb76d143a5917 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Thu, 15 Aug 2013 16:34:44 +0100
Subject: [PATCH] If registration is not allowed for a realm it should not be
 possible to login with social login unless the user already exists

---
 .../java/org/keycloak/services/resources/SocialResource.java  | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/services/src/main/java/org/keycloak/services/resources/SocialResource.java b/services/src/main/java/org/keycloak/services/resources/SocialResource.java
index 4e7f81203e..73e139cf8e 100644
--- a/services/src/main/java/org/keycloak/services/resources/SocialResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/SocialResource.java
@@ -144,6 +144,10 @@ public class SocialResource {
                 UserModel user = realm.getUser(provider.getId() + "." + socialUser.getId());
 
                 if (user == null) {
+                    if (!realm.isRegistrationAllowed()) {
+                        return oauth.forwardToSecurityFailure("Registration not allowed");
+                    }
+
                     user = realm.addUser(provider.getId() + "." + socialUser.getId());
                     user.setAttribute(provider.getId() + ".id", socialUser.getId());