@@ 5,6 5,7 @@ class Api::V1::Emails::ConfirmationsController < Api::BaseController
before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, except: :check
before_action :require_user_owned_by_application!, except: :check
before_action :require_user_not_confirmed!, except: :check
+ before_action :require_authenticated_user!, only: :check
def create
current_user.update!(email: params[:email]) if params.key?(:email)
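Review bot: The added `before_action :require_authenticated_user!, only: :check` is the only guard on `check` visible in this hunk, and nothing here says why that action is exempt from the `doorkeeper_authorize!` scope check and the two filters that follow it. A comment above the new line would record the intent, for example `# check may be called with a session cookie instead of an OAuth token, so it only requires an authenticated user`. As far as these lines show, a token with any scope passes the filter, so it is worth confirming that no read scope is meant to apply when a token is presented. `require_authenticated_user!` and the body of `check` are defined outside the hunk, so its 401 behaviour is inferred from the accompanying spec.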
@@ 130,5 130,13 @@ RSpec.describe Api::V1::Emails::ConfirmationsController do
end
end
end
+
+ context 'without an oauth token and an authentication cookie' do
+ it 'returns http unauthorized' do
+ get :check
+
+ expect(response).to have_http_status(401)
+ end
+ end
end
end
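Review bot: The new context covers only the request that carries neither credential, so the filter's behaviour for a token that has no user attached (an application-only token, if this API issues them) is not pinned down. A sibling example would close that gap, asserting the same `expect(response).to have_http_status(401)`. The context title would read more accurately as `'without an oauth token or an authentication cookie'`. The enclosing `describe` block for `check` starts outside the hunk, so whether an outer `before` already sets a token or session for this example cannot be confirmed from here.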