API user creation behing a toggle

I've added a toggle feature (in internal settings) so that user api creation can be disabled while form registration still can be enabled.
Also, the /api/user endpoint shouldn't require authentication. Even if we check the authentication when sending a GET request, to retrieve current user information.

I've moved all the internal settings definition to config to avoid duplicated place to define them.
I don't know why we didn't did that earlier.

1 files changed, 3 insertions, 3 deletions

diff --git a/src/Wallabag/ApiBundle/Controller/UserRestController.php b/src/Wallabag/ApiBundle/Controller/UserRestController.php
index a1b78e3f..1fc67d00 100644
--- a/src/Wallabag/ApiBundle/Controller/UserRestController.php
+++ b/src/Wallabag/ApiBundle/Controller/UserRestController.php
@@ -43,7 +43,7 @@ class UserRestController extends WallabagRestController
      */
     public function putUserAction(Request $request)
     {
-        if (!$this->container->getParameter('fosuser_registration')) {
+        if (!$this->getParameter('fosuser_registration') || !$this->get('craue_config')->get('api_user_registration')) {
             $json = $this->get('serializer')->serialize(['error' => "Server doesn't allow registrations"], 'json');
 
             return (new JsonResponse())->setJson($json)->setStatusCode(403);
@@ -51,8 +51,8 @@ class UserRestController extends WallabagRestController
 
         $userManager = $this->get('fos_user.user_manager');
         $user = $userManager->createUser();
-        // enable created user by default
-        $user->setEnabled(true);
+        // user will be disabled BY DEFAULT to avoid spamming account to be created
+        $user->setEnabled(false);
 
         $form = $this->createForm('Wallabag\UserBundle\Form\NewUserType', $user, [
             'csrf_protection' => false,