-rw-r--r--app/controllers/concerns/account_owned_concern.rb5
-rw-r--r--spec/controllers/concerns/account_controller_concern_spec.rb23
2 files changed, 28 insertions, 0 deletions
diff --git a/app/controllers/concerns/account_owned_concern.rb b/app/controllers/concerns/account_owned_concern.rb
index 62e379846..25149d03f 100644
--- a/app/controllers/concerns/account_owned_concern.rb
+++ b/app/controllers/concerns/account_owned_concern.rb
@@ -8,6 +8,7 @@ module AccountOwnedConcern
     before_action :set_account, if: :account_required?
     before_action :check_account_approval, if: :account_required?
     before_action :check_account_suspension, if: :account_required?
+    before_action :check_account_confirmation, if: :account_required?
   end
 
   private
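Review bot: The new `before_action :check_account_confirmation` is registered after `check_account_suspension`, while the sibling `check_account_approval` runs before it. If the suspension check renders its own response, an account that is both unconfirmed and suspended would get that response instead of the 404, so the two cases stay distinguishable to an anonymous client. If unconfirmed local accounts are meant to look the same as nonexistent ones, move the line directly below `before_action :check_account_approval, if: :account_required?`. The `included` block opens outside this hunk, so earlier callbacks are not visible here.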
@@ -28,6 +29,10 @@ module AccountOwnedConcern
     not_found if @account.local? && @account.user_pending?
   end
 
+  def check_account_confirmation
+    not_found if @account.local? && !@account.user_confirmed?
+  end
+
   def check_account_suspension
     if @account.suspended_permanently?
       permanent_suspension_response
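Review bot: `check_account_confirmation` negates `@account.user_confirmed?`, so a local account with no user record would be treated as unconfirmed and answered with 404, assuming the delegated predicate returns nil in that case; the delegation is not visible in this diff. If such local accounts exist (for example a system or service account), make the guard explicit with `not_found if @account.local? && @account.user.present? && !@account.user_confirmed?`, or confirm that hiding them is intended. A short comment above the method would also help, e.g. `# Unconfirmed local accounts are answered with 404 so their pages are not publicly served before e-mail confirmation.` The body of `check_account_suspension` continues outside the hunk.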
diff --git a/spec/controllers/concerns/account_controller_concern_spec.rb b/spec/controllers/concerns/account_controller_concern_spec.rb
index 835645414..99975f4c4 100644
--- a/spec/controllers/concerns/account_controller_concern_spec.rb
+++ b/spec/controllers/concerns/account_controller_concern_spec.rb
@@ -11,10 +11,33 @@ describe ApplicationController, type: :controller do
     end
   end
 
+  around do |example|
+    registrations_mode = Setting.registrations_mode
+    example.run
+    Setting.registrations_mode = registrations_mode
+  end
+
   before do
     routes.draw { get 'success' => 'anonymous#success' }
   end
 
+  context 'when account is unconfirmed' do
+    it 'returns http not found' do
+      account = Fabricate(:user, confirmed_at: nil).account
+      get 'success', params: { account_username: account.username }
+      expect(response).to have_http_status(404)
+    end
+  end
+
+  context 'when account is not approved' do
+    it 'returns http not found' do
+      Setting.registrations_mode = 'approved'
+      account = Fabricate(:user, approved: false).account
+      get 'success', params: { account_username: account.username }
+      expect(response).to have_http_status(404)
+    end
+  end
+
   context 'when account is suspended' do
     it 'returns http gone' do
       account = Fabricate(:account, suspended: true)
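Review bot: The added examples cover only the rejecting side of the new guard: an unconfirmed local user and an unapproved one both expect 404. Nothing in this hunk pins the `@account.local?` half of the condition, so a regression that started hiding remote accounts, which have no user to confirm, would pass these specs. Consider adding a context that fabricates a non-local account (the attribute name depends on the account fabricator, which is not shown here) and expects a successful response, unless an example further down the file already covers it. The 'when account is suspended' context continues past the end of the hunk.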