Fix incorrect redirect in response to unauthenticated API requests in limited federation mode (#34549)

2025-04-25 13:24:57 +02:00 · 2025-04-25 13:24:57 +02:00 · d4944a2467
commit d4944a2467
parent 91db45b197
2 changed files with 25 additions and 4 deletions
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@ -72,6 +72,13 @@ class Api::BaseController < ApplicationController
    end
  end

+  # Redefine `require_functional!` to properly output JSON instead of HTML redirects
+  def require_functional!
+    return if current_user.functional?
+
+    require_user!
+  end
+
  def render_empty
    render json: {}, status: 200
  end
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -72,10 +72,24 @@ class ApplicationController < ActionController::Base
  def require_functional!
    return if current_user.functional?

-    if current_user.confirmed?
-      redirect_to edit_user_registration_path
-    else
-      redirect_to auth_setup_path
+    respond_to do |format|
+      format.any do
+        if current_user.confirmed?
+          redirect_to edit_user_registration_path
+        else
+          redirect_to auth_setup_path
+        end
+      end
+
+      format.json do
+        if !current_user.confirmed?
+          render json: { error: 'Your login is missing a confirmed e-mail address' }, status: 403
+        elsif !current_user.approved?
+          render json: { error: 'Your login is currently pending approval' }, status: 403
+        elsif !current_user.functional?
+          render json: { error: 'Your login is currently disabled' }, status: 403
+        end
+      end
    end
  end