Make the error message on user lookup configurable

Author: Abhishek Gupta

broker/conf/broker.conf

@@ -142,9 +142,14 @@ APP_ADVERTISE_HTTPS="false"
 # Set to true to block new user creation within OpenShift broker
 # If set to true, only allows existing users to access OpenShift
 # New users, even if authenticated, will not be provisioned in OpenShift broker
-# and will get an AccessDeniedException
+# and will get an error message
 AUTH_USER_LOOKUP_ONLY="false"
 
+# The error message that is displayed to users logging in with valid credentials
+# but who do not have an account provisioned in the cluster already
+AUTH_USER_LOOKUP_FAIL_MESSAGE="This cluster is configured for user lookup only. Please contact your system administrator for provisioning your user account."
+
+
 # Team collaboration settings
 MAX_MEMBERS_PER_RESOURCE="100"
 MAX_TEAMS_PER_RESOURCE="5"

broker/config/environments/development.rb

@@ -122,6 +122,7 @@
     :limit_app_name_chars => conf.get("LIMIT_APP_NAME_CHARS", -1).to_i,
     :app_advertise_https => conf.get_bool("APP_ADVERTISE_HTTPS", false),
     :auth_user_lookup_only => conf.get_bool("AUTH_USER_LOOKUP_ONLY", false),
+    :auth_user_lookup_fail_msg => conf.get("AUTH_USER_LOOKUP_FAIL_MESSAGE", "This cluster is configured for user lookup only. Please contact your system administrator for provisioning your user account."),
   }
 
   config.auth = {

broker/config/environments/production.rb

@@ -111,6 +111,7 @@
     :limit_app_name_chars => conf.get("LIMIT_APP_NAME_CHARS", -1).to_i,
     :app_advertise_https => conf.get_bool("APP_ADVERTISE_HTTPS", false),
     :auth_user_lookup_only => conf.get_bool("AUTH_USER_LOOKUP_ONLY", false),
+    :auth_user_lookup_fail_msg => conf.get("AUTH_USER_LOOKUP_FAIL_MESSAGE", "This cluster is configured for user lookup only. Please contact your system administrator for provisioning your user account."),
   }
 
   config.auth = {

broker/config/environments/test.rb

@@ -120,6 +120,7 @@
     :limit_app_name_chars => conf.get("LIMIT_APP_NAME_CHARS", -1).to_i,
     :app_advertise_https => conf.get_bool("APP_ADVERTISE_HTTPS", false),
     :auth_user_lookup_only => conf.get_bool("AUTH_USER_LOOKUP_ONLY", false),
+    :auth_user_lookup_fail_msg => conf.get("AUTH_USER_LOOKUP_FAIL_MESSAGE", "This cluster is configured for user lookup only. Please contact your system administrator for provisioning your user account."),
   }
 
   config.auth = {

controller/app/models/cloud_user.rb

@@ -163,9 +163,9 @@ def self.find_or_create_by_identity(provider, login, create_attributes={}, &bloc
     yield user, login if block_given?
     [user, false]
   rescue Mongoid::Errors::DocumentNotFound
-    # if new user creation is blocked, then return an exception
+    # if authentication is configured for lookup only, then return an exception
     if Rails.application.config.openshift[:auth_user_lookup_only]
-      raise OpenShift::UserException.new("New user signups are not allowed on this cluster")
+      raise OpenShift::UserException.new(Rails.application.config.openshift[:auth_user_lookup_fail_msg])
     end
     user = new(create_attributes)
     #user.current_identity = user.identities.build(provider: provider, uid: login)