Change public profile pages to be disabled for unconfirmed users (#17385)
Fixes #17382 Note that unconfirmed and unapproved accounts can still be searched for and their (empty) account retrieved using the REST API.
This commit is contained in:
parent
e38fc319dc
commit
f5639e1cbe
2 changed files with 28 additions and 0 deletions
|
@ -8,6 +8,7 @@ module AccountOwnedConcern
|
|||
before_action :set_account, if: :account_required?
|
||||
before_action :check_account_approval, if: :account_required?
|
||||
before_action :check_account_suspension, if: :account_required?
|
||||
before_action :check_account_confirmation, if: :account_required?
|
||||
end
|
||||
|
||||
private
|
||||
|
@ -28,6 +29,10 @@ module AccountOwnedConcern
|
|||
not_found if @account.local? && @account.user_pending?
|
||||
end
|
||||
|
||||
def check_account_confirmation
|
||||
not_found if @account.local? && !@account.user_confirmed?
|
||||
end
|
||||
|
||||
def check_account_suspension
|
||||
if @account.suspended_permanently?
|
||||
permanent_suspension_response
|
||||
|
|
|
@ -11,10 +11,33 @@ describe ApplicationController, type: :controller do
|
|||
end
|
||||
end
|
||||
|
||||
around do |example|
|
||||
registrations_mode = Setting.registrations_mode
|
||||
example.run
|
||||
Setting.registrations_mode = registrations_mode
|
||||
end
|
||||
|
||||
before do
|
||||
routes.draw { get 'success' => 'anonymous#success' }
|
||||
end
|
||||
|
||||
context 'when account is unconfirmed' do
|
||||
it 'returns http not found' do
|
||||
account = Fabricate(:user, confirmed_at: nil).account
|
||||
get 'success', params: { account_username: account.username }
|
||||
expect(response).to have_http_status(404)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when account is not approved' do
|
||||
it 'returns http not found' do
|
||||
Setting.registrations_mode = 'approved'
|
||||
account = Fabricate(:user, approved: false).account
|
||||
get 'success', params: { account_username: account.username }
|
||||
expect(response).to have_http_status(404)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when account is suspended' do
|
||||
it 'returns http gone' do
|
||||
account = Fabricate(:account, suspended: true)
|
||||
|
|
Loading…
Reference in a new issue