Unconfirmed email profile should return 404

- Added a check for profiles whose email has not been confirmed, so the show page can return 404 for such profiles
rubygems · Oct 18, 2024 · 9dd517e · 9dd517e
1 parent fead145
commit 9dd517e
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 1 deletion.
diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb
@@ -9,7 +9,15 @@ class ProfilesController < ApplicationController
 
   def show
     @user = User.find_by_slug!(params[:id])
-    @rubygems = @user.rubygems_downloaded.includes(%i[latest_version gem_download]).strict_loading
+    return @rubygems = @user.rubygems_downloaded.includes(%i[latest_version gem_download]).strict_loading if @user.email_confirmed?
+    respond_to do |format|
+      format.any do
+        render plain: t(:this_rubygem_could_not_be_found), status: :not_found
+      end
+      format.html do
+        render file: Rails.public_path.join("404.html"), status: :not_found, layout: false, formats: [:html]
+      end
+    end
   end
 
   def me

diff --git a/test/functional/profiles_controller_test.rb b/test/functional/profiles_controller_test.rb
@@ -12,6 +12,19 @@ class ProfilesControllerTest < ActionController::TestCase
     end
   end
 
+  context "for a user whose email is not confirmed" do
+    setup do
+      @user = create(:user)
+      @user.update(email_confirmed: false)
+    end
+
+    should "render not found page" do
+      get :show, params: { id: @user.handle }
+
+      assert_response :not_found
+    end
+  end
+
   context "when not logged in" do
     setup { @user = create(:user) }