From 9dd517ea0bb9880a0642983420599e20d94e508f Mon Sep 17 00:00:00 2001
From: Kingsley Chijioke
Date: Fri, 18 Oct 2024 12:24:22 +0100
Subject: [PATCH] Unconfirmed email profile should return 404
- Added a check for profiles whose email has not been confirmed, so the show page can return 404 for such profiles
---
 app/controllers/profiles_controller.rb | 10 +++++++++-
 test/functional/profiles_controller_test.rb | 13 +++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb
index 1adbf233817..4bc699789e6 100644
--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -9,7 +9,15 @@ class ProfilesController < ApplicationController
 def show
 @user = User.find_by_slug!(params[:id])
- @rubygems = @user.rubygems_downloaded.includes(%i[latest_version gem_download]).strict_loading
+ return @rubygems = @user.rubygems_downloaded.includes(%i[latest_version gem_download]).strict_loading if @user.email_confirmed?
+ respond_to do |format|
+ format.any do
+ render plain: t(:this_rubygem_could_not_be_found), status: :not_found
+ end
+ format.html do
+ render file: Rails.public_path.join("404.html"), status: :not_found, layout: false, formats: [:html]
+ end
+ end
 end
 def me
diff --git a/test/functional/profiles_controller_test.rb b/test/functional/profiles_controller_test.rb
index 1cfbb165ec8..0cb3ab5a29d 100644
--- a/test/functional/profiles_controller_test.rb
+++ b/test/functional/profiles_controller_test.rb
@@ -12,6 +12,19 @@ class ProfilesControllerTest < ActionController::TestCase
 end
 end
+ context "for a user whose email is not confirmed" do
+ setup do
+ @user = create(:user)
+ @user.update(email_confirmed: false)
+ end
+
+ should "render not found page" do
+ get :show, params: { id: @user.handle }
+
+ assert_response :not_found
+ end
+ end
+
 context "when not logged in" do
 setup { @user = create(:user) }
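Review bot: The unconfirmed-email branch in `show` builds its own 404 response instead of sharing the path taken when `find_by_slug!` misses on the line above, so the two cases can differ in body and content type, which lets a client tell a registered-but-unconfirmed handle from one that does not exist. Assuming `find_by_slug!` raises `ActiveRecord::RecordNotFound` (inferred from the bang name; its handler is not in this hunk), a guard such as `raise ActiveRecord::RecordNotFound unless @user.email_confirmed?` placed before the `@rubygems` assignment keeps a single not-found path. That also drops the `return @rubygems = ... if @user.email_confirmed?` modifier form, which hides the normal path inside a guard, and the reuse of `t(:this_rubygem_could_not_be_found)` for a response that is about a profile, not a gem.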
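Review bot: The new context only issues the default HTML request, so the `format.any` plain-text branch added in the controller is never exercised by this test. A second case such as `get :show, params: { id: @user.handle }, format: :json` followed by `assert_response :not_found` would cover it. In the setup, `@user.update(email_confirmed: false)` ignores a failed save; `@user.update!(email_confirmed: false)` would make a broken fixture fail loudly instead of letting the test run against a confirmed user.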