author | Jeremy Benoist <jeremy.benoist@gmail.com> | 2017-06-02 10:19:33 +0200 |
---|---|---|
committer | Jeremy Benoist <jeremy.benoist@gmail.com> | 2017-06-02 11:32:38 +0200 |
commit | 426bb453d295900fb3e35dce2f9081a42639cf27 (patch) | |
tree | 77fc6aedf17640a9d13a817e25fbd06ab89b471f /src/Wallabag/ApiBundle | |
parent | a687c8d915276eee0c0494156700f7d0c0606735 (diff) | |
API user creation behing a toggle
I've added a toggle (in the internal settings) so that user creation through the API can be disabled while form registration can still be enabled.
Also, the /api/user endpoint shouldn't require authentication, even though we still check authentication when a GET request is sent to retrieve the current user's information.
I've moved all the internal settings definitions to config so that they are no longer defined in more than one place.
I don't know why we didn't do that earlier.
Diffstat (limited to 'src/Wallabag/ApiBundle')
-rw-r--r-- | src/Wallabag/ApiBundle/Controller/UserRestController.php | 6 |
1 files changed, 3 insertions, 3 deletions
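--- a/src/Wallabag/ApiBundle/Controller/UserRestController.php
+++ b/src/Wallabag/ApiBundle/Controller/UserRestController.php
@@ -43,7 +43,7 @@ class UserRestController extends WallabagRestController
 */
 public function putUserAction(Request $request)
 {
-if (!$this->container->getParameter('fosuser_registration')) {
+if (!$this->getParameter('fosuser_registration') || !$this->get('craue_config')->get('api_user_registration')) {
 $json = $this->get('serializer')->serialize(['error' => "Server doesn't allow registrations"], 'json');
 
 return (new JsonResponse())->setJson($json)->setStatusCode(403);
@@ -51,8 +51,8 @@ class UserRestController extends WallabagRestController
 
 $userManager = $this->get('fos_user.user_manager');
 $user = $userManager->createUser();
-// enable created user by default
-$user->setEnabled(true);
+// user will be disabled BY DEFAULT to avoid spamming account to be created
+$user->setEnabled(false);
 
 $form = $this->createForm('Wallabag\UserBundle\Form\NewUserType', $user, [
 'csrf_protection' => false,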
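Review bot: Creating the account disabled at `$user->setEnabled(false);` keeps an unauthenticated caller from obtaining a usable login, but the record is presumably still saved later in putUserAction (outside this hunk), so the route can still fill the user table and reserve usernames or e-mail addresses. Nothing visible here says how a disabled account becomes enabled, and the new comment should state it, for example `// created disabled: an unauthenticated caller must not get a usable account; enabled later by <activation step>`. Because the commit description says /api/user no longer requires authentication and the form is built with `'csrf_protection' => false`, the action would benefit from request throttling and from a cleanup of accounts that are never enabled. The body of putUserAction continues past the end of this hunk, so the persistence and response paths could not be checked.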