diff options
| author | Claire <claire.github-309c@sitedethib.com> | 2022-05-26 22:49:47 +0200 |
|---|---|---|
| committer | Claire <claire.github-309c@sitedethib.com> | 2022-05-26 22:49:47 +0200 |
| commit | 7c6fff34d059c90eafdb1beeb2597a9606453582 (patch) | |
| tree | c1376f9a3a7533c2d43fc9e281c92d168e941846 /app/controllers | |
| parent | a33a0f69523298520704b98d4dc7fdd1accae642 (diff) | |
| parent | 52f4e834f293c9fdbf5805639d022ac4e3856b75 (diff) | |
Merge branch 'main' into glitch-soc/merge-upstream
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/activitypub/base_controller.rb | 1 | ||||
| -rw-r--r-- | app/controllers/api/base_controller.rb | 5 | ||||
| -rw-r--r-- | app/controllers/auth/confirmations_controller.rb | 2 |
3 files changed, 7 insertions, 1 deletions
diff --git a/app/controllers/activitypub/base_controller.rb b/app/controllers/activitypub/base_controller.rb index 196d85a32..b8a7e0ab9 100644 --- a/app/controllers/activitypub/base_controller.rb +++ b/app/controllers/activitypub/base_controller.rb @@ -2,6 +2,7 @@ class ActivityPub::BaseController < Api::BaseController skip_before_action :require_authenticated_user! + skip_before_action :require_not_suspended! skip_around_action :set_locale private diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb index d96285b44..2e393fbb6 100644 --- a/app/controllers/api/base_controller.rb +++ b/app/controllers/api/base_controller.rb @@ -11,6 +11,7 @@ class Api::BaseController < ApplicationController skip_before_action :require_functional!, unless: :whitelist_mode? before_action :require_authenticated_user!, if: :disallow_unauthenticated_api_access? + before_action :require_not_suspended! before_action :set_cache_headers protect_from_forgery with: :null_session @@ -97,6 +98,10 @@ class Api::BaseController < ApplicationController render json: { error: 'This method requires an authenticated user' }, status: 401 unless current_user end + def require_not_suspended! + render json: { error: 'Your login is currently disabled' }, status: 403 if current_user&.account&.suspended? + end + def require_user! if !current_user render json: { error: 'This method requires an authenticated user' }, status: 422 diff --git a/app/controllers/auth/confirmations_controller.rb b/app/controllers/auth/confirmations_controller.rb index 17ad56fa8..0817a905c 100644 --- a/app/controllers/auth/confirmations_controller.rb +++ b/app/controllers/auth/confirmations_controller.rb @@ -89,7 +89,7 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController def after_confirmation_path_for(_resource_name, user) if user.created_by_application && truthy_param?(:redirect_to_app) - user.created_by_application.redirect_uri + user.created_by_application.confirmation_redirect_uri else super end |