FIX: Prevent all kinds of login in readonly mode (#16743)

app/controllers/session_controller.rb

@@ -99,6 +99,7 @@ class SessionController < ApplicationController
     def become
 
       raise Discourse::InvalidAccess if Rails.env.production?
+      raise Discourse::ReadOnly if @readonly_mode
 
       if ENV['DISCOURSE_DEV_ALLOW_ANON_TO_IMPERSONATE'] != "1"
         render(content_type: 'text/plain', inline: <<~TEXT)
@@ -121,8 +122,8 @@ class SessionController < ApplicationController
   end
 
   def sso_login
-    return render_sso_error(text: I18n.t("read_only_mode_enabled"), status: 503) if @readonly_mode
     raise Discourse::NotFound.new unless SiteSetting.enable_discourse_connect
+    raise Discourse::ReadOnly if @readonly_mode
 
     params.require(:sso)
     params.require(:sig)

app/controllers/users/omniauth_callbacks_controller.rb

@@ -22,6 +22,7 @@ class Users::OmniauthCallbacksController < ApplicationController
   def complete
     auth = request.env["omniauth.auth"]
     raise Discourse::NotFound unless request.env["omniauth.auth"]
+    raise Discourse::ReadOnly if @readonly_mode
 
     auth[:session] = session