Add allow_sign_up override for auth.google/github.

conf/defaults.ini

@@ -143,6 +143,7 @@ auth_url = https://github.com/login/oauth/authorize
 token_url = https://github.com/login/oauth/access_token
 api_url = https://api.github.com/user
 allowed_domains =
+allow_sign_up = false
 
 #################################### Google Auth ##########################
 [auth.google]
@@ -154,6 +155,7 @@ auth_url = https://accounts.google.com/o/oauth2/auth
 token_url = https://accounts.google.com/o/oauth2/token
 api_url = https://www.googleapis.com/oauth2/v1/userinfo
 allowed_domains =
+allow_sign_up = false
 
 #################################### Logging ##########################
 [log]

docs/sources/installation/configuration.md

@@ -181,10 +181,14 @@ Client ID and a Client Secret. Specify these in the grafana config file. Example
     scopes = user:email
     auth_url = https://github.com/login/oauth/authorize
     token_url = https://github.com/login/oauth/access_token
+    allow_sign_up = false
 
 Restart the grafana backend. You should now see a github login button on the login page. You can
 now login or signup with your github accounts.
 
+You may allow users to sign-up via github auth by setting allow_sign_up to true. When this option is
+set to true, any user successfully authenticating via github auth will be automatically signed up.
+
 ## [auth.google]
 You need to create a google project. You can do this in the [Google Developer Console](https://console.developers.google.com/project).
 When you create the project you will need to specify a callback URL. Specify this as callback:
@@ -203,10 +207,14 @@ Client ID and a Client Secret. Specify these in the grafana config file. Example
     auth_url = https://accounts.google.com/o/oauth2/auth
     token_url = https://accounts.google.com/o/oauth2/token
     allowed_domains = mycompany.com
+    allow_sign_up = false
 
 Restart the grafana backend. You should now see a google login button on the login page. You can
 now login or signup with your google accounts. `allowed_domains` option is optional.
 
+You may allow users to sign-up via google auth by setting allow_sign_up to true. When this option is
+set to true, any user successfully authenticating via google auth will be automatically signed up.
+
 <hr>
 ## [session]
 

pkg/api/login_oauth.go

@@ -63,7 +63,7 @@ func OAuthLogin(ctx *middleware.Context) {
 
 	// create account if missing
 	if err == m.ErrUserNotFound {
-		if !setting.AllowUserSignUp {
+		if !connect.IsSignupAllowed() {
 			ctx.Redirect(setting.AppSubUrl + "/login")
 			return
 		}

pkg/setting/setting_oauth.go

@@ -7,6 +7,7 @@ type OAuthInfo struct {
 	Enabled                bool
 	AllowedDomains         []string
 	ApiUrl                 string
+	AllowSignup            bool
 }
 
 type OAuther struct {

pkg/social/social.go

@@ -25,6 +25,7 @@ type SocialConnector interface {
 	Type() int
 	UserInfo(token *oauth2.Token) (*BasicUserInfo, error)
 	IsEmailAllowed(email string) bool
+	IsSignupAllowed() bool
 
 	AuthCodeURL(state string, opts ...oauth2.AuthCodeOption) string
 	Exchange(ctx context.Context, code string) (*oauth2.Token, error)
@@ -52,6 +53,7 @@ func NewOAuthService() {
 			ApiUrl:         sec.Key("api_url").String(),
 			Enabled:        sec.Key("enabled").MustBool(),
 			AllowedDomains: sec.Key("allowed_domains").Strings(" "),
+			AllowSignup:    sec.Key("allow_sign_up").MustBool(),
 		}
 
 		if !info.Enabled {
@@ -73,13 +75,13 @@ func NewOAuthService() {
 		// GitHub.
 		if name == "github" {
 			setting.OAuthService.GitHub = true
-			SocialMap["github"] = &SocialGithub{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl}
+			SocialMap["github"] = &SocialGithub{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl, allowSignup: info.AllowSignup}
 		}
 
 		// Google.
 		if name == "google" {
 			setting.OAuthService.Google = true
-			SocialMap["google"] = &SocialGoogle{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl}
+			SocialMap["google"] = &SocialGoogle{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl, allowSignup: info.AllowSignup}
 		}
 	}
 }
@@ -102,6 +104,7 @@ type SocialGithub struct {
 	*oauth2.Config
 	allowedDomains []string
 	ApiUrl         string
+	allowSignup    bool
 }
 
 func (s *SocialGithub) Type() int {
@@ -112,6 +115,10 @@ func (s *SocialGithub) IsEmailAllowed(email string) bool {
 	return isEmailAllowed(email, s.allowedDomains)
 }
 
+func (s *SocialGithub) IsSignupAllowed() bool {
+	return s.allowSignup
+}
+
 func (s *SocialGithub) UserInfo(token *oauth2.Token) (*BasicUserInfo, error) {
 	var data struct {
 		Id    int    `json:"id"`
@@ -150,6 +157,7 @@ type SocialGoogle struct {
 	*oauth2.Config
 	allowedDomains []string
 	ApiUrl         string
+	allowSignup    bool
 }
 
 func (s *SocialGoogle) Type() int {
@@ -160,6 +168,10 @@ func (s *SocialGoogle) IsEmailAllowed(email string) bool {
 	return isEmailAllowed(email, s.allowedDomains)
 }
 
+func (s *SocialGoogle) IsSignupAllowed() bool {
+	return s.allowSignup
+}
+
 func (s *SocialGoogle) UserInfo(token *oauth2.Token) (*BasicUserInfo, error) {
 	var data struct {
 		Id    string `json:"id"`