From 5d2fc6de321ac556ded72e5a8fa9fcf47d172e16 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Mon, 24 Dec 2018 19:12:38 +0100 Subject: Add REST API for creating an account (#9572) * Add REST API for creating an account The method is available to apps with a token obtained via the client credentials grant. It creates a user and account records, as well as an access token for the app that initiated the request. The user is unconfirmed, and an e-mail is sent as usual. The method returns the access token, which the app should save for later. The REST API is not available to users with unconfirmed accounts, so the app must be smart to wait for the user to click a link in their e-mail inbox. The method is rate-limited by IP to 5 requests per 30 minutes. * Redirect users back to app from confirmation if they were created with an app * Add tests * Return 403 on the method if registrations are not open * Require agreement param to be true in the API when creating an account --- app/controllers/api/base_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/controllers/api/base_controller.rb') diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb index ac8de5fc0..2bf8e82db 100644 --- a/app/controllers/api/base_controller.rb +++ b/app/controllers/api/base_controller.rb @@ -68,7 +68,7 @@ class Api::BaseController < ApplicationController end def require_user! - if current_user && !current_user.disabled? + if current_user && !current_user.disabled? && current_user.confirmed? set_user_activity elsif current_user render json: { error: 'Your login is currently disabled' }, status: 403 -- cgit From bf70e5cfdaef9b7a3a927548a05203a864d5bea9 Mon Sep 17 00:00:00 2001 From: Takeshi Umeda Date: Wed, 26 Dec 2018 03:35:26 +0900 Subject: Add error message with invalid email confirmation (#9625) --- app/controllers/api/base_controller.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'app/controllers/api/base_controller.rb') diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb index 2bf8e82db..a1dd30918 100644 --- a/app/controllers/api/base_controller.rb +++ b/app/controllers/api/base_controller.rb @@ -68,12 +68,14 @@ class Api::BaseController < ApplicationController end def require_user! - if current_user && !current_user.disabled? && current_user.confirmed? - set_user_activity - elsif current_user + if !current_user + render json: { error: 'This method requires an authenticated user' }, status: 422 + elsif current_user.disabled? render json: { error: 'Your login is currently disabled' }, status: 403 + elsif !current_user.confirmed? + render json: { error: 'Email confirmation is not completed' }, status: 403 else - render json: { error: 'This method requires an authenticated user' }, status: 422 + set_user_activity end end -- cgit