Fix unapproved users being able to log in after registration mode set to closed. (#3096)

- Fixes #3095
2024-11-22 20:43:05 +00:00 · 2023-06-14 19:02:17 -04:00 · 2023-06-14 19:02:17 -04:00 · 5af831c6fa
commit 5af831c6fa
parent ebd8c86f0e
2 changed files with 7 additions and 1 deletions
--- a/crates/api_common/src/utils.rs
+++ b/crates/api_common/src/utils.rs
@ -523,7 +523,8 @@ pub async fn check_registration_application(
  local_site: &LocalSite,
  pool: &DbPool,
 ) -> Result<(), LemmyError> {
-  if local_site.registration_mode == RegistrationMode::RequireApplication
+  if (local_site.registration_mode == RegistrationMode::RequireApplication
+    || local_site.registration_mode == RegistrationMode::Closed)
    && !local_user_view.local_user.accepted_application
    && !local_user_view.person.admin
  {
--- a/crates/api_crud/src/user/create.rs
+++ b/crates/api_crud/src/user/create.rs
@ -103,12 +103,17 @@ impl PerformCrud for Register {
      .await
      .map_err(|e| LemmyError::from_error_message(e, "user_already_exists"))?;

+    // Automatically set their application as accepted, if they created this with open registration.
+    // Also fixes a bug which allows users to log in when registrations are changed to closed.
+    let accepted_application = Some(!require_registration_application);
+
    // Create the local user
    let local_user_form = LocalUserInsertForm::builder()
      .person_id(inserted_person.id)
      .email(data.email.as_deref().map(str::to_lowercase))
      .password_encrypted(data.password.to_string())
      .show_nsfw(Some(data.show_nsfw))
+      .accepted_application(accepted_application)
      .build();

    let inserted_local_user = match LocalUser::create(context.pool(), &local_user_form).await {