SECURITY: Do not allow authentication with disabled plugin-supplied a… (#6071)

Do not allow authentication with disabled plugin-supplied auth providers

app/controllers/users/omniauth_callbacks_controller.rb

@@ -93,16 +93,19 @@ class Users::OmniauthCallbacksController < ApplicationController
   def self.find_authenticator(name)
     BUILTIN_AUTH.each do |authenticator|
       if authenticator.name == name
-        raise Discourse::InvalidAccess.new("provider is not enabled") unless SiteSetting.send("enable_#{name}_logins?")
+        raise Discourse::InvalidAccess.new(I18n.t("provider_not_enabled")) unless SiteSetting.send("enable_#{name}_logins?")
         return authenticator
       end
     end
 
     Discourse.auth_providers.each do |provider|
+      unless provider.enabled_setting.nil? || SiteSetting.send(provider.enabled_setting)
+        raise Discourse::InvalidAccess.new(I18n.t("provider_not_enabled"))
+      end
       return provider.authenticator if provider.name == name
     end
 
-    raise Discourse::InvalidAccess.new("provider is not found")
+    raise Discourse::InvalidAccess.new(I18n.t("provider_not_found"))
   end
 
   protected