Change public profile pages to be disabled for unconfirmed users (#17385)
Fixes #17382 Note that unconfirmed and unapproved accounts can still be searched for and their (empty) account retrieved using the REST API.gh/stable
parent
e38fc319dc
commit
f5639e1cbe
|
@ -8,6 +8,7 @@ module AccountOwnedConcern
|
||||||
before_action :set_account, if: :account_required?
|
before_action :set_account, if: :account_required?
|
||||||
before_action :check_account_approval, if: :account_required?
|
before_action :check_account_approval, if: :account_required?
|
||||||
before_action :check_account_suspension, if: :account_required?
|
before_action :check_account_suspension, if: :account_required?
|
||||||
|
before_action :check_account_confirmation, if: :account_required?
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
@ -28,6 +29,10 @@ module AccountOwnedConcern
|
||||||
not_found if @account.local? && @account.user_pending?
|
not_found if @account.local? && @account.user_pending?
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def check_account_confirmation
|
||||||
|
not_found if @account.local? && !@account.user_confirmed?
|
||||||
|
end
|
||||||
|
|
||||||
def check_account_suspension
|
def check_account_suspension
|
||||||
if @account.suspended_permanently?
|
if @account.suspended_permanently?
|
||||||
permanent_suspension_response
|
permanent_suspension_response
|
||||||
|
|
|
@ -11,10 +11,33 @@ describe ApplicationController, type: :controller do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
around do |example|
|
||||||
|
registrations_mode = Setting.registrations_mode
|
||||||
|
example.run
|
||||||
|
Setting.registrations_mode = registrations_mode
|
||||||
|
end
|
||||||
|
|
||||||
before do
|
before do
|
||||||
routes.draw { get 'success' => 'anonymous#success' }
|
routes.draw { get 'success' => 'anonymous#success' }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'when account is unconfirmed' do
|
||||||
|
it 'returns http not found' do
|
||||||
|
account = Fabricate(:user, confirmed_at: nil).account
|
||||||
|
get 'success', params: { account_username: account.username }
|
||||||
|
expect(response).to have_http_status(404)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when account is not approved' do
|
||||||
|
it 'returns http not found' do
|
||||||
|
Setting.registrations_mode = 'approved'
|
||||||
|
account = Fabricate(:user, approved: false).account
|
||||||
|
get 'success', params: { account_username: account.username }
|
||||||
|
expect(response).to have_http_status(404)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
context 'when account is suspended' do
|
context 'when account is suspended' do
|
||||||
it 'returns http gone' do
|
it 'returns http gone' do
|
||||||
account = Fabricate(:account, suspended: true)
|
account = Fabricate(:account, suspended: true)
|
||||||
|
|
Reference in New Issue