From: Eugen Rochko <eugen@zeonfederated.com>
Date: Mon, 30 Apr 2018 07:13:14 +0000 (+0200)
Subject: Disable API access when login is disabled (#7289)
X-Git-Url: https://git.xn--scling-oua.cat.family/?a=commitdiff_plain;h=f62ee1ddb0364d749e9df5559a243ebe3570cd2a;p=mastodon.git

Disable API access when login is disabled (#7289)
---

diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
index 7b5168b31..b5c084e14 100644
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -66,8 +66,10 @@ class Api::BaseController < ApplicationController
   end
 
   def require_user!
-    if current_user
+    if current_user && !current_user.disabled?
       set_user_activity
+    elsif current_user
+      render json: { error: 'Your login is currently disabled' }, status: 403
     else
       render json: { error: 'This method requires an authenticated user' }, status: 422
     end