Fix incorrect redirect in response to unauthenticated API requests in limited federation mode (#34549)

2026-02-04 03:25:14 +00:00 · 2025-05-05 15:11:26 +02:00 · 2025-05-05 15:11:26 +02:00 · d5a905f1c8
commit d5a905f1c8
parent 0e026eafef
2 changed files with 24 additions and 1 deletions
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@ -141,6 +141,13 @@ class Api::BaseController < ApplicationController
    end
  end

+  # Redefine `require_functional!` to properly output JSON instead of HTML redirects
+  def require_functional!
+    return if current_user.functional?
+
+    require_user!
+  end
+
  def render_empty
    render json: {}, status: 200
  end
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -68,7 +68,23 @@ class ApplicationController < ActionController::Base
  end

  def require_functional!
-    redirect_to edit_user_registration_path unless current_user.functional?
+    return if current_user.functional?
+
+    respond_to do |format|
+      format.any do
+        redirect_to edit_user_registration_path
+      end
+
+      format.json do
+        if !current_user.confirmed?
+          render json: { error: 'Your login is missing a confirmed e-mail address' }, status: 403
+        elsif !current_user.approved?
+          render json: { error: 'Your login is currently pending approval' }, status: 403
+        elsif !current_user.functional?
+          render json: { error: 'Your login is currently disabled' }, status: 403
+        end
+      end
+    end
  end

  def skip_csrf_meta_tags?