MDL-58905 auth_oauth2: Return if no issuers allow login

auth/oauth2/lang/en/auth_oauth2.php

@@ -72,6 +72,7 @@ $string['emailconfirmlinksent'] = '<p>An existing account was found with this em
    <p>If you have any difficulty, contact the site administrator.</p>';
 $string['info'] = 'External account';
 $string['issuer'] = 'OAuth 2 Service';
+$string['issuernologin'] = 'This issuer can not be used to login';
 $string['linkedlogins'] = 'Linked logins';
 $string['linkedloginshelp'] = 'Help with linked logins';
 $string['loginerror_userincomplete'] = 'The user information returned did not contain a username and email address. The OAuth 2 service may be configured incorrectly.';
@@ -79,6 +80,7 @@ $string['loginerror_nouserinfo'] = 'No user information was returned. The OAuth
 $string['loginerror_invaliddomain'] = 'The email address is not allowed at this site.';
 $string['loginerror_authenticationfailed'] = 'The authentication process failed.';
 $string['loginerror_cannotcreateaccounts'] = 'An account with your email address could not be found.';
+$string['noissuersavailable'] = 'None of the configured OAuth2 services allow you to link login accounts';
 $string['notloggedindebug'] = 'The login attempt failed. Reason: {$a}';
 $string['notwhileloggedinas'] = 'Linked logins cannot be managed while logged in as another user.';
 $string['oauth2:managelinkedlogins'] = 'Manage own linked login accounts';

auth/oauth2/linkedlogins.php

@@ -45,6 +45,9 @@ if ($action == 'new') {
     $issuerid = required_param('issuerid', PARAM_INT);
     $issuer = \core\oauth2\api::get_issuer($issuerid);
 
+    if (!$issuer->is_authentication_supported() || !$issuer->get('showonloginpage') || !$issuer->get('enabled')) {
+        throw new \moodle_exception('issuernologin', 'auth_oauth2');
+    }
 
     // We do a login dance with this issuer.
     $addparams = ['action' => 'new', 'issuerid' => $issuerid, 'sesskey' => sesskey()];
@@ -84,25 +87,40 @@ $renderer = $PAGE->get_renderer('auth_oauth2');
 $linkedloginid = optional_param('id', '', PARAM_RAW);
 $linkedlogin = null;
 
+auth_oauth2\api::clean_orphaned_linked_logins();
+
+$issuers = \core\oauth2\api::get_all_issuers();
+
+$anyshowinloginpage = false;
+$issuerbuttons = array();
+foreach ($issuers as $issuer) {
+    if (!$issuer->is_authentication_supported() || !$issuer->get('showonloginpage') || !$issuer->get('enabled')) {
+        continue;
+    }
+    $anyshowinloginpage = true;
+
+    $addparams = ['action' => 'new', 'issuerid' => $issuer->get('id'), 'sesskey' => sesskey(), 'logout' => true];
+    $addurl = new moodle_url('/auth/oauth2/linkedlogins.php', $addparams);
+    $issuerbuttons[$issuer->get('id')] = $renderer->single_button($addurl, get_string('createnewlinkedlogin', 'auth_oauth2', s($issuer->get('name'))));
+}
+
+if (!$anyshowinloginpage) {
+    // Just a notification that we can't make it.
+    $preferencesurl = new moodle_url('/user/preferences.php');
+    redirect($preferencesurl, get_string('noissuersavailable', 'auth_oauth2'), null, \core\output\notification::NOTIFY_WARNING);
+}
+
 echo $OUTPUT->header();
 echo $OUTPUT->heading(get_string('linkedlogins', 'auth_oauth2'));
 echo $OUTPUT->doc_link('Linked_Logins', get_string('linkedloginshelp', 'auth_oauth2'));
-auth_oauth2\api::clean_orphaned_linked_logins();
 $linkedlogins = auth_oauth2\api::get_linked_logins();
 
 echo $renderer->linked_logins_table($linkedlogins);
 
-$issuers = \core\oauth2\api::get_all_issuers();
-
-foreach ($issuers as $issuer) {
-    if (!$issuer->is_authentication_supported()) {
-        continue;
-    }
-
-    $addparams = ['action' => 'new', 'issuerid' => $issuer->get('id'), 'sesskey' => sesskey(), 'logout' => true];
-    $addurl = new moodle_url('/auth/oauth2/linkedlogins.php', $addparams);
-    echo $renderer->single_button($addurl, get_string('createnewlinkedlogin', 'auth_oauth2', s($issuer->get('name'))));
+foreach ($issuerbuttons as $issuerbutton) {
+    echo $issuerbutton;
 }
+
 echo $OUTPUT->footer();