From d5a905f1c88d90974258d93e10d033fc978f3c88 Mon Sep 17 00:00:00 2001 From: Claire Date: Mon, 5 May 2025 15:11:26 +0200 Subject: [PATCH] Fix incorrect redirect in response to unauthenticated API requests in limited federation mode (#34549) --- app/controllers/api/base_controller.rb | 7 +++++++ app/controllers/application_controller.rb | 18 +++++++++++++++++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb index c764b4510..6e41c94fd 100644 --- a/app/controllers/api/base_controller.rb +++ b/app/controllers/api/base_controller.rb @@ -141,6 +141,13 @@ class Api::BaseController < ApplicationController end end + # Redefine `require_functional!` to properly output JSON instead of HTML redirects + def require_functional! + return if current_user.functional? + + require_user! + end + def render_empty render json: {}, status: 200 end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 6ec93f824..48396b57d 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -68,7 +68,23 @@ class ApplicationController < ActionController::Base end def require_functional! - redirect_to edit_user_registration_path unless current_user.functional? + return if current_user.functional? + + respond_to do |format| + format.any do + redirect_to edit_user_registration_path + end + + format.json do + if !current_user.confirmed? + render json: { error: 'Your login is missing a confirmed e-mail address' }, status: 403 + elsif !current_user.approved? + render json: { error: 'Your login is currently pending approval' }, status: 403 + elsif !current_user.functional? + render json: { error: 'Your login is currently disabled' }, status: 403 + end + end + end end def skip_csrf_meta_tags?