Change public profile pages to be disabled for unconfirmed users (#17385)

Fixes #17382

Note that unconfirmed and unapproved accounts can still be searched for
and their (empty) account retrieved using the REST API.
pull/17398/head
Claire 2022-01-28 14:24:37 +01:00 committed by GitHub
parent e38fc319dc
commit f5639e1cbe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 28 additions and 0 deletions

View File

@ -8,6 +8,7 @@ module AccountOwnedConcern
before_action :set_account, if: :account_required? before_action :set_account, if: :account_required?
before_action :check_account_approval, if: :account_required? before_action :check_account_approval, if: :account_required?
before_action :check_account_suspension, if: :account_required? before_action :check_account_suspension, if: :account_required?
before_action :check_account_confirmation, if: :account_required?
end end
private private
@ -28,6 +29,10 @@ module AccountOwnedConcern
not_found if @account.local? && @account.user_pending? not_found if @account.local? && @account.user_pending?
end end
def check_account_confirmation
not_found if @account.local? && !@account.user_confirmed?
end
def check_account_suspension def check_account_suspension
if @account.suspended_permanently? if @account.suspended_permanently?
permanent_suspension_response permanent_suspension_response

View File

@ -11,10 +11,33 @@ describe ApplicationController, type: :controller do
end end
end end
around do |example|
registrations_mode = Setting.registrations_mode
example.run
Setting.registrations_mode = registrations_mode
end
before do before do
routes.draw { get 'success' => 'anonymous#success' } routes.draw { get 'success' => 'anonymous#success' }
end end
context 'when account is unconfirmed' do
it 'returns http not found' do
account = Fabricate(:user, confirmed_at: nil).account
get 'success', params: { account_username: account.username }
expect(response).to have_http_status(404)
end
end
context 'when account is not approved' do
it 'returns http not found' do
Setting.registrations_mode = 'approved'
account = Fabricate(:user, approved: false).account
get 'success', params: { account_username: account.username }
expect(response).to have_http_status(404)
end
end
context 'when account is suspended' do context 'when account is suspended' do
it 'returns http gone' do it 'returns http gone' do
account = Fabricate(:account, suspended: true) account = Fabricate(:account, suspended: true)