public function execute( $subPage ) {
$this->setHeaders();
$this->loadAuth( $subPage );
+
+ if ( !$this->isActionAllowed( $this->authAction ) ) {
+ if ( $this->authAction === AuthManager::ACTION_UNLINK ) {
+ // Looks like there are no linked accounts to unlink
+ $titleMessage = $this->msg( 'cannotunlink-no-provider-title' );
+ $errorMessage = $this->msg( 'cannotunlink-no-provider' );
+ throw new ErrorPageError( $titleMessage, $errorMessage );
+ } else {
+ // user probably back-button-navigated into an auth session that no longer exists
+ // FIXME would be nice to show a message
+ $this->getOutput()->redirect( $this->getPageTitle()->getFullURL( '', false, PROTO_HTTPS ) );
+ return;
+ }
+ }
+
$this->outputHeader();
$status = $this->trySubmit();