Change public profile pages to be disabled for unconfirmed users (mas…
…todon#17385)

Fixes mastodon#17382

Note that unconfirmed and unapproved accounts can still be searched for
and their (empty) account retrieved using the REST API.
ClearlyClaire authored Jan 28, 2022
1 parent e38fc31 commit f5639e1
Showing 2 changed files with 28 additions and 0 deletions.
5 changes: 5 additions & 0 deletions app/controllers/concerns/account_owned_concern.rb
@@ -8,6 +8,7 @@ module AccountOwnedConcern
before_action :set_account, if: :account_required?
before_action :check_account_approval, if: :account_required?
before_action :check_account_suspension, if: :account_required?
before_action :check_account_confirmation, if: :account_required?
end

private
@@ -28,6 +29,10 @@ def check_account_approval
not_found if @account.local? && @account.user_pending?
end

def check_account_confirmation
not_found if @account.local? && !@account.user_confirmed?
end

def check_account_suspension
if @account.suspended_permanently?
permanent_suspension_response
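Review bot: The new guard in `check_account_confirmation` negates `@account.user_confirmed?`, so a local account that has no user record at all would get a 404 if that predicate returns nil for it; the delegation is not visible on this page, so this needs confirming. `check_account_approval` just above is not affected in the same way because it tests the positive `user_pending?`. If local accounts without a user exist (for example a system or instance-level actor), limit the 404 to the case where a user is present and unconfirmed, e.g. `not_found if @account.local? && @account.user_confirmed? == false`, and add a spec example for such an account. The body of `check_account_suspension` continues past the end of the hunk.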
23 changes: 23 additions & 0 deletions spec/controllers/concerns/account_controller_concern_spec.rb
@@ -11,10 +11,33 @@ def success
end
end

around do |example|
registrations_mode = Setting.registrations_mode
example.run
Setting.registrations_mode = registrations_mode
end

before do
routes.draw { get 'success' => 'anonymous#success' }
end

context 'when account is unconfirmed' do
it 'returns http not found' do
account = Fabricate(:user, confirmed_at: nil).account
get 'success', params: { account_username: account.username }
expect(response).to have_http_status(404)
end
end

context 'when account is not approved' do
it 'returns http not found' do
Setting.registrations_mode = 'approved'
account = Fabricate(:user, approved: false).account
get 'success', params: { account_username: account.username }
expect(response).to have_http_status(404)
end
end

context 'when account is suspended' do
it 'returns http gone' do
account = Fabricate(:account, suspended: true)
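Review bot: Both new examples assert only the 404 status, so neither shows which guard produced it; in 'when account is not approved' the user is fabricated without an explicit `confirmed_at`, and whether the fabricator confirms users by default is not visible here. Pinning the other attribute in each example keeps them independent, e.g. `Fabricate(:user, approved: false, confirmed_at: Time.now.utc)` in the approval case. A positive example, a confirmed and approved local account returning 200, would also guard against the new `before_action` rejecting every request, unless the part of the spec outside this hunk already covers it. The 'when account is suspended' example continues past the end of the hunk.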
