From 426bb453d295900fb3e35dce2f9081a42639cf27 Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Fri, 2 Jun 2017 10:19:33 +0200 Subject: API user creation behing a toggle I've added a toggle feature (in internal settings) so that user api creation can be disabled while form registration still can be enabled. Also, the /api/user endpoint shouldn't require authentication. Even if we check the authentication when sending a GET request, to retrieve current user information. I've moved all the internal settings definition to config to avoid duplicated place to define them. I don't know why we didn't did that earlier. --- src/Wallabag/ApiBundle/Controller/UserRestController.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/Wallabag/ApiBundle/Controller') diff --git a/src/Wallabag/ApiBundle/Controller/UserRestController.php b/src/Wallabag/ApiBundle/Controller/UserRestController.php index a1b78e3f..1fc67d00 100644 --- a/src/Wallabag/ApiBundle/Controller/UserRestController.php +++ b/src/Wallabag/ApiBundle/Controller/UserRestController.php @@ -43,7 +43,7 @@ class UserRestController extends WallabagRestController */ public function putUserAction(Request $request) { - if (!$this->container->getParameter('fosuser_registration')) { + if (!$this->getParameter('fosuser_registration') || !$this->get('craue_config')->get('api_user_registration')) { $json = $this->get('serializer')->serialize(['error' => "Server doesn't allow registrations"], 'json'); return (new JsonResponse())->setJson($json)->setStatusCode(403); @@ -51,8 +51,8 @@ class UserRestController extends WallabagRestController $userManager = $this->get('fos_user.user_manager'); $user = $userManager->createUser(); - // enable created user by default - $user->setEnabled(true); + // user will be disabled BY DEFAULT to avoid spamming account to be created + $user->setEnabled(false); $form = $this->createForm('Wallabag\UserBundle\Form\NewUserType', $user, [ 'csrf_protection' => false, -- cgit v1.2.3