diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index 78e089accdf..09fb287bcc4 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -71,7 +71,11 @@ class SessionController < ApplicationController
 if user = sso.lookup_or_create_user(request.remote_ip)
 if SiteSetting.must_approve_users? && !user.approved?
- render text: I18n.t("sso.account_not_approved"), status: 403
+ if SiteSetting.sso_not_approved_url.present?
+ redirect_to sso_not_approved_url
+ else
+ render text: I18n.t("sso.account_not_approved"), status: 403
+ end
 return
 elsif !user.active?
 activation = UserActivator.new(user, request, session, cookies)
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index c71248b1b85..05b7fff6a3c 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -887,6 +887,7 @@ en:
 sso_overrides_username: "Overrides local username with external site username from SSO payload (WARNING: discrepancies can occur due to differences in username length/requirements)"
 sso_overrides_name: "Overrides local full name with external site full name from SSO payload"
 sso_overrides_avatar: "Overrides user avatar with external site avatar from SSO payload. If enabled, disabling allow_uploaded_avatars is highly recommended"
+ sso_not_approved_url: "Redirect unapproved SSO accounts to this URL"
 enable_local_logins: "Enable local username and password login based accounts. (Note: this must be enabled for invites to work)"
 allow_new_registrations: "Allow new user registrations. Uncheck this to prevent anyone from creating a new account."
diff --git a/config/site_settings.yml b/config/site_settings.yml
index 0c910f40f3e..9a67053036d 100644
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@@ -235,6 +235,7 @@ login:
 sso_overrides_avatar:
 default: false
 client: true
+ sso_not_approved_url: ''
 email_domains_blacklist:
 default: 'mailinator.com'
 type: list
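Review bot: In the session_controller.rb hunk the guard tests `SiteSetting.sso_not_approved_url.present?`, but the redirect on the next line calls a bare `sso_not_approved_url`, which is resolved against the controller rather than SiteSetting. Unless a method or route helper of that name is defined outside the hunk, this branch raises NameError exactly when the setting is configured, so unapproved SSO users would get a 500 instead of the redirect. The line should read `redirect_to SiteSetting.sso_not_approved_url`. A request spec for an unapproved SSO user with the setting populated would catch this, since the default `''` never exercises the branch. The enclosing action starts and ends outside the hunk.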
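Review bot: In the config/site_settings.yml hunk, `sso_not_approved_url` is declared as a free-form string with default `''`, and the controller hunk passes it to `redirect_to` without any check. Nothing visible here restricts it to an absolute http(s) URL, so a value saved without a scheme would presumably be treated by Rails as a location on the forum's own host, and whatever scheme is typed ends up in the Location header. Consider validating the value when the setting is saved, or in the controller before redirecting, and stating the expected format in the description, e.g. `sso_not_approved_url: "Redirect unapproved SSO accounts to this absolute URL (https://...)"`.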