From d2ca803753b03ee22e3f641935a1533668d3bfe2 Mon Sep 17 00:00:00 2001
From: Damodar Lohani <dlohani48@gmail.com>
Date: Tue, 10 Jan 2023 04:52:21 +0000
Subject: [PATCH] add provider enabled check in the redirect

---
 app/controllers/api/account.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 40e8c11f6e..a80050bbfa 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -400,6 +400,11 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
         $validateURL = new URL();
         $appId = $project->getAttribute('authProviders', [])[$provider . 'Appid'] ?? '';
         $appSecret = $project->getAttribute('authProviders', [])[$provider . 'Secret'] ?? '{}';
+        $providerEnabled = $project->getAttribute('authProviders', [])[$provider . 'Enabled'] ?? false;
+
+        if (!$providerEnabled) {
+            throw new Exception(Exception::PROJECT_PROVIDER_DISABLED, 'This provider is disabled. Please enable the provider from your ' . APP_NAME . ' console to continue.');
+        }
 
         if (!empty($appSecret) && isset($appSecret['version'])) {
             $key = App::getEnv('_APP_OPENSSL_KEY_V' . $appSecret['version']);