Fix incorrect redirect in response to unauthenticated API requests in limited federation mode (#34549)
This commit is contained in:
Claire
GitHub
parent
91db45b197
commit
d4944a2467
2 changed files with 25 additions and 4 deletions
|
|
@ -72,6 +72,13 @@ class Api::BaseController < ApplicationController
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Redefine `require_functional!` to properly output JSON instead of HTML redirects
|
||||||
|
def require_functional!
|
||||||
|
return if current_user.functional?
|
||||||
|
|
||||||
|
require_user!
|
||||||
|
end
|
||||||
|
|
||||||
def render_empty
|
def render_empty
|
||||||
render json: {}, status: 200
|
render json: {}, status: 200
|
||||||
end
|
end
|
||||||
|
|
|
||||||
|
|
@ -72,6 +72,8 @@ class ApplicationController < ActionController::Base
|
||||||
def require_functional!
|
def require_functional!
|
||||||
return if current_user.functional?
|
return if current_user.functional?
|
||||||
|
|
||||||
|
respond_to do |format|
|
||||||
|
format.any do
|
||||||
if current_user.confirmed?
|
if current_user.confirmed?
|
||||||
redirect_to edit_user_registration_path
|
redirect_to edit_user_registration_path
|
||||||
else
|
else
|
||||||
|
|
@ -79,6 +81,18 @@ class ApplicationController < ActionController::Base
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
format.json do
|
||||||
|
if !current_user.confirmed?
|
||||||
|
render json: { error: 'Your login is missing a confirmed e-mail address' }, status: 403
|
||||||
|
elsif !current_user.approved?
|
||||||
|
render json: { error: 'Your login is currently pending approval' }, status: 403
|
||||||
|
elsif !current_user.functional?
|
||||||
|
render json: { error: 'Your login is currently disabled' }, status: 403
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def skip_csrf_meta_tags?
|
def skip_csrf_meta_tags?
|
||||||
false
|
false
|
||||||
end
|
end
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue