This makes account signup enforcement consistent when signup is disabled at the installation level. Email signup and Google signup now stay blocked regardless of whether the config value is stored as a string or a boolean. This effectively covers the config-loader path, where `YAML.safe_load` reads `value: false` from `installation_config.yml` as a native boolean and persists it that way.

- Normalized the account signup check so disabled signup is handled consistently across config value types.
- Reused the same check across API signup and Google signup entry points.
- Added regression coverage for the disabled-signup cases in the existing controller specs.

---------

Co-authored-by: Vishnu Narayanan <iamwishnu@gmail.com>
# Account endpoints for API v2. `create` is the signup entry point and the only
# action that skips authentication, so the filters declared for it below are
# the checks this class places in front of account creation.
class Api::V2::AccountsController < Api::BaseController
  include AuthHelper

  # Signup has to be reachable without a session, so the login-related
  # callbacks are skipped for `create` only. `raise: false` keeps the skip from
  # raising if one of the named callbacks is not defined on the parent.
  skip_before_action :authenticate_user!,
                     :set_current_user,
                     :handle_with_exception,
                     only: %i[create],
                     raise: false

  # Declaration order is execution order: the installation-level signup switch
  # is evaluated before the captcha, so a disabled installation rejects the
  # request without consulting the captcha at all.
  before_action :check_signup_enabled, only: %i[create]
  before_action :validate_captcha, only: %i[create]

  # Every other action works on an existing account and keeps the inherited
  # authentication; the account lookup and the authorization check run first.
  before_action :fetch_account, except: %i[create]
  before_action :check_authorization, except: %i[create]

  # Signup failures raised while building the account are rendered through the
  # shared error renderer instead of propagating.
  rescue_from CustomExceptions::Account::InvalidEmail,
              CustomExceptions::Account::UserExists,
              CustomExceptions::Account::UserErrors,
              with: :render_error_response

  # Creates a user and an account from the permitted signup parameters.
  #
  # Runs only after check_signup_enabled and validate_captcha have passed.
  # Renders the v1 account-creation template with the new user on success and a
  # SignupFailed error response when the builder returned no user.
  def create
    # NOTE(review): authentication is skipped for this action, so current_user
    # may well be nil here; confirm how AccountBuilder treats a nil user.
    builder = AccountBuilder.new(
      email: account_params[:email],
      user_password: account_params[:password],
      locale: account_params[:locale],
      user: current_user
    )
    @user, @account = builder.perform

    fetch_account_and_user_info
    update_account_info if @account.present?

    unless @user
      render_error_response(CustomExceptions::Account::SignupFailed.new({}))
      return
    end

    # Auth headers are attached only on the success path, for the user that was
    # just created.
    send_auth_headers(@user)
    render 'api/v1/accounts/create', format: :json, locals: { resource: @user }
  end

  private

  # Attributes written to a freshly created account: the existing custom
  # attributes with 'onboarding_step' set to 'profile_update'.
  def account_attributes
    merged_attributes = @account.custom_attributes.merge({ 'onboarding_step' => 'profile_update' })
    { custom_attributes: merged_attributes }
  end

  # Persists account_attributes on @account; update! raises if the save fails.
  def update_account_info
    @account.update!(account_attributes)
  end

  # Intentionally empty in this class; `create` calls it between building the
  # account and updating it.
  def fetch_account_and_user_info; end

  # Loads the account named by params[:id] through the current user's own
  # accounts, so an id belonging to someone else's account is not found rather
  # than returned. Also loads the user's membership row for that account.
  def fetch_account
    @account = current_user.accounts.find(params[:id])
    @current_account_user = @account.account_users.find_by(user_id: current_user.id)
  end

  # Allow-list of request parameters for this controller; anything not named
  # here is dropped. Permitted at the top level of params (no wrapping key).
  # NOTE(review): :password is accepted in clear text here; confirm it is
  # covered by the application's log parameter filtering.
  def account_params
    permitted_keys = %i[account_name email name password locale domain support_email user_full_name]
    params.permit(*permitted_keys)
  end

  # Rejects signup with a routing error ('Not Found') when account signup is
  # disabled for the installation. The decision is delegated entirely to
  # GlobalConfigService.account_signup_enabled?, which is where the stored
  # flag's type (string or boolean) has to be handled; the raw config value
  # should not be re-read or compared here.
  # NOTE(review): presumably surfaced to the client as a 404; confirm, since
  # :handle_with_exception is skipped for this action.
  def check_signup_enabled
    return if GlobalConfigService.account_signup_enabled?

    raise ActionController::RoutingError, 'Not Found'
  end

  # Rejects the request unless the hCaptcha response sent by the client in
  # params[:h_captcha_client_response] is accepted by ChatwootCaptcha.
  # NOTE(review): what valid? returns when no captcha is configured is decided
  # in ChatwootCaptcha; confirm it matches what the deployment expects.
  def validate_captcha
    captcha = ChatwootCaptcha.new(params[:h_captcha_client_response])
    return if captcha.valid?

    raise ActionController::InvalidAuthenticityToken, 'Invalid Captcha'
  end
end
# Extension hook. NOTE(review): prepend_mod_with presumably prepends an
# edition-specific module of the same name when one is defined, which would let
# it override any method of this controller, including check_signup_enabled
# and validate_captcha. Review such overrides together with this file.
Api::V2::AccountsController.prepend_mod_with('Api::V2::AccountsController')